Compare Revisions

The credentials to download the source code are:
 Username: svnusers
 Password: svnusers

Ignore whitespace Rev 3343 → Rev 3342

/branches/STF525/ccsrc/Externals/LibItsSecurity_externals.cc
560,14 → 560,13
security_ecc ec(ec_elliptic_curves::nist_p_256);
// Extract the tag
OCTETSTRING tag(16, p__ct.lengthof() - 16 + static_cast<const unsigned char*>(p__ct));
OCTETSTRING tag(16, static_cast<const unsigned char*>(p__ct) - 16);
loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: tag: ", tag);
// Remove the tag from the end of the encrypted message
OCTETSTRING ct(p__ct.lengthof() - 16, static_cast<const unsigned char*>(p__ct));
loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: ct: ", ct);
OCTETSTRING message;
if (ec.decrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, tag, ct, message) == -1) {
if (ec.decrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, tag, p__ct, message) == -1) {
loggers::get_instance().warning("fx__test__decrypt__aes__128__ccm__test: Failed to decrypt message");
return OCTETSTRING(0, nullptr);
}
/branches/STF525/ccsrc/Protocols/Security/hmac.cc
18,7 → 18,7
return -1;
}
 
return generate(static_cast<const unsigned char*>(p_buffer), p_buffer.lengthof(), static_cast<const unsigned char*>(p_secret_key), p_secret_key.lengthof(), p_hmac);
return generate( static_cast<const unsigned char*>(p_buffer), p_buffer.lengthof(), static_cast<const unsigned char*>(p_secret_key), p_secret_key.lengthof(), p_hmac);
}
 
int hmac::generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac) {
/branches/STF525/ccsrc/Protocols/Security/hmac.hh
41,7 → 41,7
/*!
* \brief Default destructor
*/
virtual ~hmac() { if (_ctx != nullptr) { ::HMAC_CTX_free(_ctx); }; };
virtual ~hmac() { if (_ctx == nullptr) { ::HMAC_CTX_free(_ctx); }; };
 
/*!
* \fn int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac);
/branches/STF525/ccsrc/Protocols/Security/security_cache.cc
9,8 → 9,6
* All rights reserved.
* \version 0.1
*/
#include <TTCN3.hh>
 
#include "security_cache.hh"
 
#include "params.hh"
61,7 → 59,7
dump();
return -1;
}
p_certificate = it->second.get()->certificate();
p_certificate = it->second.get()->certificate()
return 0;
}
154,8 → 152,8
return -1;
}
const OCTETSTRING public_comp_key = it->second.get()->public_comp_key(); // 33 or 49 bytes length
p_public_comp_key = OCTETSTRING(public_comp_key.lengthof() - 1, 1 + static_cast<const unsigned char*>(public_comp_key)); // 32 or 48 bytes length
p_comp_mode = INTEGER(((public_comp_key[0].get_octet() % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
p_public_comp_key = OCTETSTRING(public_comp_key.lengthof() - 1, 1 + static_cast<const unsihned char*?>(public_comp_key)); // 32 or 48 bytes length
p_comp_mode = INTEGER(((public_comp_key[0] % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
 
return 0;
}
168,7 → 166,8
loggers::get_instance().warning("security_cache::get_private_enc_key: record not found");
return -1;
}
p_private_enc_key = it->second.get()->private_enc_key();
const OCTETSTRING private_enc_key = it->second.get()->private_enc_key();
p_private_enc_key = OCTETSTRING(private_enc_key.lengthof(), private_enc_key.data());
 
return 0;
}
181,8 → 180,10
loggers::get_instance().warning("security_cache::get_public_enc_keys: record not found");
return -1;
}
p_public_enc_key_x = it->second.get()->public_enc_key_x();
p_public_enc_key_y = it->second.get()->public_enc_key_y();
const OCTETSTRING public_enc_key_x = it->second.get()->public_enc_key_x();
p_public_enc_key_x = OCTETSTRING(public_enc_key_x.lengthof(), public_enc_key_x.data());
const OCTETSTRING public_enc_key_y = it->second.get()->public_enc_key_y();
p_public_enc_key_y = OCTETSTRING(public_enc_key_y.lengthof(), public_enc_key_y.data());
 
return 0;
}
196,8 → 197,8
return -1;
}
const OCTETSTRING public_enc_comp_key = it->second.get()->public_enc_comp_key(); // 33 or 49 bytes length
p_public_enc_comp_key = OCTETSTRING(public_enc_comp_key.lengthof() - 1, 1 + static_cast<const unsigned char*>(public_enc_comp_key)); // 32 or 48 bytes length
p_enc_comp_mode = INTEGER(((public_enc_comp_key[0].get_octet() % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
p_public_enc_comp_key = OCTETSTRING(public_enc_comp_key.lengthof() - 1, 1 + public_enc_comp_key.data()); // 32 or 48 bytes length
p_enc_comp_mode = INTEGER(((public_enc_comp_key[0] % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
 
return 0;
}
204,7 → 205,7
 
bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org) {
if (p_vector.is_bound()) {
p_vector = p_org;
p_vector = OCTETSTRING(p_org.lengthof(), static_cast<const unsigned char*>(p_org));
return true;
}
p_vector = OCTETSTRING(0, nullptr);
277,7 → 278,7
}
 
void security_cache::dump() const {
loggers::get_instance().log("security_cache::dump_certificates: # items = %d", _certificates.size());
loggers::get_instance().log("security_cache::dump_certificates: # items = %d", _certificates.lengthof());
for (std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.cbegin(); it != _certificates.cend(); ++it) {
security_db_record* p = it->second.get();
loggers::get_instance().log("security_cache::dump: certificate_id = %s", p->certificate_id().c_str());
/branches/STF525/ccsrc/Protocols/Security/security_db.cc
1,5 → 1,3
#include <TTCN3.hh>
 
#include "security_db.hh"
 
#include "params.hh"
/branches/STF525/ccsrc/Protocols/Security/security_db_record.hh
40,7 → 40,7
OCTETSTRING _pu_enc_key_x; /*!< Public encryption key X-coordinate storage */
OCTETSTRING _pu_enc_key_y; /*!< Public encryption key Y-coordinate storage */
OCTETSTRING _pu_enc_comp_key; /*!< Public compressed encryption key storage */
bool _to_be_saved; /*!< Flag to indicate if the record shall be saved, i.e. has been modified */
bool _to_be_saved; /*!< Flag to indicate if the record shall be saved, i.e. has been modified */
IEEE1609dot2::CertificateBase* _decoded_certificate;
public: /*! \publicsection */
/branches/STF525/ccsrc/Protocols/Security/security_ecc.cc
8,8 → 8,6
* All rights reserved.
* \version 0.1
*/
#include <TTCN3.hh>
 
#include <openssl/ecdsa.h>
#include <openssl/rand.h>
 
56,7 → 54,6
// Set private key
::EC_KEY_set_private_key(_ec_key, p);
if (::EC_KEY_check_key(_ec_key) != 0) {
::BN_clear_free(p);
loggers::get_instance().error("security_ecc::security_ecc (1): Invalid private key");
}
::BN_clear_free(p);
67,7 → 64,6
BIGNUM* xy = ::BN_new();
::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, xy, _bn_ctx);
if (BN_num_bytes(xy) == 0) {
::BN_clear_free(xy);
loggers::get_instance().error("security_ecc::security_ecc (1): Failed to generate xy coordinates, check algorithms");
}
loggers::get_instance().log("security_ecc::security_ecc (1): xy length: %d", BN_num_bytes(xy));
99,7 → 95,7
} else { // Remove first byte
loggers::get_instance().log_msg("security_ecc::security_ecc (1): Complete _pub_key_compressed=", _pub_key_compressed);
_pub_key_compressed_mode = ((v[0].get_octet() & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed = OCTETSTRING(_pub_key_compressed.lengthof() - 1, 1 + static_cast<const unsigned char*>(_pub_key_compressed));
_pub_key_compressed = OCTETSTRING().erase(_pub_key_compressed.lengthof() - 1, 1 + static_cast<const unsigned char*>(_pub_key_compressed));
}
}
::EC_POINT_free(ec_point);
148,8 → 144,6
result = ::EC_POINT_set_affine_coordinates_GF2m(_ec_group, ec_point, x, y, _bn_ctx);
} // End of 'switch' statement
if (result == 0) {
::BN_clear_free(x);
::BN_clear_free(y);
loggers::get_instance().error("security_ecc::security_ecc (2): Failed to get coordinates");
}
::BN_clear_free(x); x = nullptr;
226,7 → 220,6
BIGNUM* xy = ::BN_new();
::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, xy, _bn_ctx);
if (BN_num_bytes(xy) == 0) {
::BN_clear_free(xy);
loggers::get_instance().error("security_ecc::security_ecc (3): Failed to generate xy coordinates, check algorithms");
}
loggers::get_instance().log("security_ecc::security_ecc (3): xy length: %d", BN_num_bytes(xy));
319,7 → 312,7
_pub_key_compressed = OCTETSTRING(0, nullptr);
} else { // Remove first byte
loggers::get_instance().log_msg("security_ecc::generate: Complete _pub_key_compressed=", _pub_key_compressed);
_pub_key_compressed_mode = ((_pub_key_compressed[0].get_octet() & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed_mode = ((_pub_key_compressed[0].get_byte() & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed = OCTETSTRING(_pub_key_compressed.lengthof() -1, 1 + static_cast<const unsigned char*>(_pub_key_compressed));
}
loggers::get_instance().log_msg("security_ecc::generate: _pri_key=", _pri_key);
396,7 → 389,7
const int k_mac = k_length + k_length;
OCTETSTRING digest(k_enc + k_mac, 0x00);
loggers::get_instance().log("security_ecc::generate_and_derive_ephemeral_key (1): k_enc size:%d - k_mac size: %d - digest size:%d: ", k_enc, k_mac, digest.lengthof());
if (PKCS5_PBKDF2_HMAC((const char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), nullptr, 0, 2000, EVP_sha256(), digest.lengthof(), (unsigned char*)static_cast<const unsigned char*>(digest)) != 1) {
if (PKCS5_PBKDF2_HMAC((unsigned char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), nullptr, 0, 2000, EVP_sha256(), digest.lengthof(), (unsigned char*)static_cast<const unsigned char*>(digest)) != 1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Failed to derive shared secret key");
return -1;
}
486,7 → 479,7
const int k_mac = k_length + k_length;
OCTETSTRING digest(k_enc + k_mac, 0x00);
loggers::get_instance().log("security_ecc::generate_and_derive_ephemeral_key (2): k_enc size:%d - k_mac size: %d - digest size:%d: ", k_enc, k_mac, digest.lengthof());
if (PKCS5_PBKDF2_HMAC((const char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), nullptr, 0, 2000, EVP_sha256(), digest.lengthof(), (unsigned char*)static_cast<const unsigned char*>(digest)) != 1) {
if (PKCS5_PBKDF2_HMAC((unsigned char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), nullptr, 0, 2000, EVP_sha256(), digest.lengthof(), (unsigned char*)static_cast<const unsigned char*>(digest)) != 1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Failed to derive shared secret key");
return -1;
}
493,16 → 486,16
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): digest: ", digest);
 
// Extract AES 128 parameters
OCTETSTRING nonce(nonce_length, static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Generated nonce: ", nonce);
OCTETSTRING sym_key(sym_key_length, nonce.lengthof() + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): sym_key: ", sym_key);
OCTETSTRING tag(tag_length, nonce.lengthof() + sym_key.lengthof() + tag.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): tag: ", tag);
_nonce = OCTETSTRING(nonce_length, static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _nonce: ", _nonce);
_sym_key = OCTETSTRING(sym_key_length, _nonce.lengthof() + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _sym_key: ", _sym_key);
_tag = OCTETSTRING(tag_length, _nonce.lengthof() + + _sym_key.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _tag: ", _tag);
// Extract the HMAC key
OCTETSTRING hmac_secret(k_length + k_length, nonce_length + sym_key_length + tag_length + static_cast<const unsigned char*>(digest));
OCTETSTRING hmac_secret = OCTETSTRING(k_length + k_length, nonce_length + sym_key_length + tag_length + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): hmac_secret: ", hmac_secret);
 
// Encrypt the _sym_key
if (encrypt(encryption_algotithm::aes_128_ccm, _sym_key, _nonce, _sym_key, _enc_sym_key) == -1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to encrypt key");
576,7 → 569,7
int len = 0;
::EVP_EncryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message), &len, static_cast<const unsigned char*>(p_message), p_message.lengthof());
// Finalize the encryption session
::EVP_EncryptFinal_ex(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message) + len, &len);
::EVP_EncryptFinal_ex(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message)) + len, &len);
// Get the authentication tag(const char*)static_cast<const unsigned char*>(
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, _tag.lengthof(), (unsigned char*)static_cast<const unsigned char*>(_tag));
loggers::get_instance().log_msg("security_ecc::encrypt: tag: ", _tag);
600,7 → 593,7
::EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), nullptr, nullptr, nullptr);
// Allocate buffers size
_tag = int2oct(0, 16);
p_enc_message = int2oct(0, p_message.lengthof());
p_enc_message.resize(p_message.lengthof());
break;
case encryption_algotithm::aes_256_ccm:
::EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), nullptr, nullptr, nullptr);
619,7 → 612,7
// Set tag length
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), nullptr);
// Prime the key and nonce
::EVP_EncryptInit_ex(ctx, nullptr, nullptr, static_cast<const unsigned char*>(_sym_key), static_cast<const unsigned char*>(_nonce));
::EVP_EncryptInit_ex(ctx, nullptr, nullptr, (unsigned char*)static_cast<const unsigned char*>(_sym_key), (const char*)static_cast<const unsigned char*>(_nonce));
// No authentication data
// Encrypt the data
int len = 0;
662,11 → 655,11
// Set nonce length
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.lengthof(), nullptr);
// Set expected tag value
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), (unsigned char*)static_cast<const unsigned char*>(_tag));
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), static_cast<const unsigned char*>(_tag));
// Specify key and IV
EVP_DecryptInit_ex(ctx, nullptr, nullptr, static_cast<const unsigned char*>(_sym_key), static_cast<const unsigned char*>(_nonce));
// Decrypt plaintext, verify tag: can only be called once
p_message = int2oct(0, p_enc_message.lengthof());
p_message.resize(p_enc_message.lengthof());
int len = 0;
int result = EVP_DecryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_message), &len, static_cast<const unsigned char*>(p_enc_message), p_enc_message.lengthof());
loggers::get_instance().log("security_ecc::decrypt: len: %d", len);
705,11 → 698,11
// Set nonce length
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.lengthof(), nullptr);
// Set expected tag value
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), (unsigned char*)static_cast<const unsigned char*>(_tag));
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), static_cast<const unsigned char*>(_tag));
// Specify key and IV
EVP_DecryptInit_ex(ctx, nullptr, nullptr, static_cast<const unsigned char*>(_sym_key), static_cast<const unsigned char*>(_nonce));
// Decrypt plaintext, verify tag: can only be called once
p_message = int2oct(0, p_enc_message.lengthof());
p_message.resize(p_enc_message.lengthof());
int len = 0;
int result = EVP_DecryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_message), &len, static_cast<const unsigned char*>(p_enc_message), p_enc_message.lengthof());
loggers::get_instance().log("security_ecc::decrypt: len: %d", len);
818,7 → 811,7
int security_ecc::bin_to_ec_point(const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, EC_POINT** p_ec_point) { // ec_key_public_key_bin_to_point
BIGNUM* pubk_bn;
 
OCTETSTRING v = int2oct(4, 1);
OCTETSTRING v(1, 0x04);
v += p_public_key_x;
v += p_public_key_y;
 
/branches/STF525/ccsrc/Protocols/Security/sha256.cc
34,7 → 34,7
// Compute the hash value
::SHA256_Init(&_ctx);
::SHA256_Update(&_ctx, p_buffer, p_length);
::SHA256_Final((unsigned char*)static_cast<const unsigned char*>(p_hash), &_ctx);
::SHA256_Final(static_cast<unsigned char*>(p_hash.data()), &_ctx);
return 0;
};
 
/branches/STF525/ccsrc/Protocols/Security/sha384.cc
36,7 → 36,7
// Compute the hash value
::SHA384_Init(&_ctx);
::SHA384_Update(&_ctx, p_buffer, p_length);
::SHA384_Final((unsigned char*)static_cast<const unsigned char*>(p_hash), &_ctx);
::SHA384_Final(static_cast<unsigned char*>(p_hash.data()), &_ctx);
return 0;
}
 
/branches/STF525/ccsrc/Protocols/Security/security_services.cc
1,5 → 1,3
#include <TTCN3.hh>
 
#include <chrono>
#include <cmath>
 
10,9 → 8,9
#include "etsi_ts103097_data_codec.hh"
#include "etsi_ts103097_certificate_codec.hh"
 
#include "security_ecc.hh"
#include "sha256.hh"
#include "sha384.hh"
#include "security_ecc.hh"
 
#include "params.hh"
 
245,8 → 243,12
// Unknown certificate, request it
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Unknown certificate, request it");
const OCTETSTRING& os = p_signed_data.signer().digest();
_unknown_certificate = OCTETSTRING(3, static_cast<const unsigned char*>(os) + os.lengthof() - 3);
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: HashedId3: ", _unknown_certificate);
_unknown_certificate.resize(3);
const unsigned char* p = static_cast<const unsigned char*>(os) + os.lengthof() - 3;
for (int i = 0; i < 3; i++) {
_unknown_certificate[i] = *(p + i);
} // End of 'for' statement
loggers::get_instance().log_to_hexa("security_services::process_ieee_1609_dot2_signed_data: HashedId3: ", _unknown_certificate.data(), _unknown_certificate.size());
}
// Reset certificate timer
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Set Certificate re-transmission flag and reset timer");
361,23 → 363,31
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_encrypted_data: Failed to retrieve private encryption key");
return -1;
}
std::vector<unsigned char> private_enc_key(static_cast<const unsigned char*>(p_enc_key), p_enc_key.lengthof() + static_cast<const unsigned char*>(p_enc_key));
 
// 3. Generate the shared secret value based on recipient's public ephemeral keys will be required
security_ecc ec(ec_elliptic_curves::nist_p_256, p_enc_key);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p_enc_key, ecies->v().uncompressedP256().x(), ecies->v().uncompressedP256().y(), ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t()) == -1) {
security_ecc ec(ec_elliptic_curves::nist_p_256, private_enc_key);
std::vector<unsigned char> ephemeral_public_key_x(static_cast<const unsigned char*>(ecies->v().uncompressedP256().x()), ecies->v().uncompressedP256().x().lengthof() + static_cast<const unsigned char*>(ecies->v().uncompressedP256().x()));
std::vector<unsigned char> ephemeral_public_key_y(static_cast<const unsigned char*>(ecies->v().uncompressedP256().y()), ecies->v().uncompressedP256().y().lengthof() + static_cast<const unsigned char*>(ecies->v().uncompressedP256().y()));
std::vector<unsigned char> enc_sym_key(static_cast<const unsigned char*>(ecies->c()), ecies->c().lengthof() + static_cast<const unsigned char*>(ecies->c()));
std::vector<unsigned char> nonce(static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().nonce()), p_encrypted_data.ciphertext().aes128ccm().nonce().lengthof() + static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().nonce()));
std::vector<unsigned char> authentication_vector(static_cast<const unsigned char*>(ecies->t()), ecies->t().lengthof() + static_cast<const unsigned char*>(ecies->t()));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, private_enc_key, ephemeral_public_key_x, ephemeral_public_key_y, enc_sym_key, nonce, authentication_vector) == -1) {
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_encrypted_data: Failed to generate shared secret");
return -1;
}
 
// 4. Decrypt the message
OCTETSTRING enc_message(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext().lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext()));
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_encrypted_data: enc_message: ", enc_message);
OCTETSTRING tag(ec.tag().lengthof(), enc_message.lengthof() + static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext()));
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_encrypted_data: tag: ", tag);
if (ec.decrypt(tag, enc_message, p_unsecured_payload) == -1) {
std::vector<unsigned char> enc_message(static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext()), p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext().lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext()));
loggers::get_instance().log_to_hexa("security_services::process_ieee_1609_dot2_encrypted_data: enc_message: ", enc_message.data(), enc_message.size());
std::vector<unsigned char> tag(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext().lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext()), p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext().lengthof() + static_cast<const unsigned char*>(p_encrypted_data.ciphertext().aes128ccm().ccmCiphertext()));
loggers::get_instance().log_to_hexa("security_services::process_ieee_1609_dot2_encrypted_data: tag: ", tag.data(), tag.size());
std::vector<unsigned char> message;
if (ec.decrypt(tag, enc_message, message) == -1) {
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_encrypted_data: Failed to generate shared secret");
return -1;
}
p_unsecured_payload = OCTETSTRING(message.size(), message.data());
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
return 0;
459,11 → 469,11
i.set_long_long_val((unsigned int)ms);
header_info.generationTime() = OPTIONAL<INTEGER>(i);
// Check if a certificate shall be requested
if (_unknown_certificate.lengthof() == 3) { // HashedId3
if (_unknown_certificate.size() == 3) { // HashedId3
IEEE1609dot2BaseTypes::SequenceOfHashedId3 s;
s[0] = _unknown_certificate;
s[0] = OCTETSTRING(_unknown_certificate.size(), _unknown_certificate.data());
header_info.inlineP2pcdRequest() = OPTIONAL<IEEE1609dot2BaseTypes::SequenceOfHashedId3>(s);
_unknown_certificate = OCTETSTRING(0, nullptr);
_unknown_certificate.clear();
} else {
header_info.inlineP2pcdRequest().set_to_omit();
}
551,6 → 561,8
}
loggers::get_instance().log_msg("security_services::encrypt_gn_payload: r_public_key_x = ", r_public_key_x);
loggers::get_instance().log_msg("security_services::encrypt_gn_payload: r_public_key_y = ", r_public_key_y);
std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(r_public_key_x), r_public_key_x.lengthof() + static_cast<const unsigned char *>(r_public_key_x));
std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(r_public_key_y), r_public_key_y.lengthof() + static_cast<const unsigned char *>(r_public_key_y));
// 2. Generate new Private/Public ephemeral keys
if (_ec_keys_enc.get()->generate() == -1) {
559,31 → 571,37
}
// 3. Generate and derive shared secret
if (_ec_keys_enc.get()->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, r_public_key_x, r_public_key_y) == -1) {
if (_ec_keys_enc.get()->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate and derive secret key");
return -1;
}
 
// 4. Buil curve data structure
OCTETSTRING public_ephemeral_key_x(_ec_keys_enc.get()->public_key_x().size(), _ec_keys_enc.get()->public_key_x().data());
OCTETSTRING public_ephemeral_key_y(_ec_keys_enc.get()->public_key_y().size(), _ec_keys_enc.get()->public_key_y().data());
OCTETSTRING encrypt_aes_128_key(_ec_keys_enc.get()->encrypted_symmetric_key().size(), _ec_keys_enc.get()->encrypted_symmetric_key().data());
OCTETSTRING encrypt_aes_128_tag(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data());
IEEE1609dot2BaseTypes::EccP256CurvePoint eccP256CurvePoint;
eccP256CurvePoint.uncompressedP256().x() = _ec_keys_enc.get()->public_key_x();
eccP256CurvePoint.uncompressedP256().y() = _ec_keys_enc.get()->public_key_y();
eccP256CurvePoint.uncompressedP256().x() = public_ephemeral_key_x;
eccP256CurvePoint.uncompressedP256().y() = public_ephemeral_key_y;
IEEE1609dot2BaseTypes::EciesP256EncryptedKey ecies_key(
eccP256CurvePoint,
_ec_keys_enc.get()->encrypted_symmetric_key(),
_ec_keys_enc.get()->tag()
encrypt_aes_128_key,
encrypt_aes_128_tag
);
loggers::get_instance().log_msg("security_services::encrypt_gn_payload: ecies_key = ", ecies_key);
// 5. AES-128 encryption of the data
OCTETSTRING enc_message;
if (_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, _ec_keys_enc.get()->symmetric_encryption_key(), _ec_keys_enc.get()->nonce(), p_unsecured_gn_payload, enc_message) == -1) {
std::vector<unsigned char> message(static_cast<const unsigned char*>(p_unsecured_gn_payload), p_unsecured_gn_payload.lengthof() + static_cast<const unsigned char*>(p_unsecured_gn_payload));
std::vector<unsigned char> enc_message;
if (_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, _ec_keys_enc.get()->symmetric_encryption_key(), _ec_keys_enc.get()->nonce(), message, enc_message) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to encrypt message");
return -1;
}
OCTETSTRING nonce = _ec_keys_enc.get()->nonce();
OCTETSTRING tag = _ec_keys_enc.get()->tag();
IEEE1609dot2::AesCcmCiphertext aes_128_ccm(nonce, enc_message + tag); // Add tag at the end of the ciphered text
OCTETSTRING nonce = OCTETSTRING(_ec_keys_enc.get()->nonce().size(), _ec_keys_enc.get()->nonce().data());
OCTETSTRING tag = OCTETSTRING(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data());
OCTETSTRING enc_payload = OCTETSTRING(enc_message.size(), enc_message.data());
IEEE1609dot2::AesCcmCiphertext aes_128_ccm(nonce, enc_payload + tag); // Add tag at the end of the ciphered text
// 6. Build SymmetricCiphertext
IEEE1609dot2::SymmetricCiphertext cipher_text;
cipher_text.aes128ccm() = aes_128_ccm;
680,7 → 698,12
loggers::get_instance().log_msg(">>> security_services::hash_sha256: ", p_data);
sha256 hash;
return hash.generate(p_data, p_hash_data) ;
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p_data), p_data.lengthof() + static_cast<const unsigned char *>(p_data));
std::vector<unsigned char> hashData;
hash.generate(tbh, hashData);
p_hash_data = OCTETSTRING(hashData.size(), hashData.data());
 
return 0;
}
 
int security_services::hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data) {
687,7 → 710,12
loggers::get_instance().log_msg(">>> security_services::hash_sha384: ", p_data);
sha384 hash;
return hash.generate(p_data, p_hash_data);
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p_data), p_data.lengthof() + static_cast<const unsigned char *>(p_data));
std::vector<unsigned char> hashData;
hash.generate(tbh, hashData);
p_hash_data = OCTETSTRING(hashData.size(), hashData.data());
return 0;
}
 
int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {
700,6 → 728,7
loggers::get_instance().warning("security_services::sign_ecdsa_nistp256: Failed to get private key");
return -1;
}
std::vector<unsigned char> private_key(static_cast<const unsigned char *>(pkey), static_cast<const unsigned char *>(pkey) + pkey.lengthof());
// Hash ( Hash (Data input) || Hash (Signer identifier input) )
OCTETSTRING hash_cert;
if (_security_db->get_hash(certificate_id, hash_cert) != 0) {
711,18 → 740,19
loggers::get_instance().log_msg("security_services::sign_ecdsa_nistp256: hash: ", os);
OCTETSTRING hashed_data;
hash_sha256(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
security_ecc k(ec_elliptic_curves::nist_p_256, pkey);
OCTETSTRING r_sig;
OCTETSTRING s_sig;
if (k.sign(hashed_data, r_sig, s_sig) != 0) {
std::vector<unsigned char> tbv(static_cast<const unsigned char *>(hashed_data), static_cast<const unsigned char *>(hashed_data) + hashed_data.lengthof());
security_ecc k(ec_elliptic_curves::nist_p_256, private_key);
std::vector<unsigned char> r_sig;
std::vector<unsigned char> s_sig;
if (k.sign(tbv, r_sig, s_sig) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_nistp256: Failed to sign payload");
return -1;
}
IEEE1609dot2BaseTypes::EccP256CurvePoint ep;
ep.x__only() = r_sig;
ep.x__only() = OCTETSTRING(r_sig.size(), r_sig.data());
p_signature.ecdsaNistP256Signature() = IEEE1609dot2BaseTypes::EcdsaP256Signature(
ep,
s_sig
OCTETSTRING(s_sig.size(), s_sig.data())
);
loggers::get_instance().log_msg("security_services::sign_ecdsa_nistp256: signature = ", p_signature);
740,33 → 770,39
}
// Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )
OCTETSTRING issuer; // Hash (Signer identifier input)
OCTETSTRING issuer;
if (_security_db->get_hash(p_certificate_id, issuer) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());
return -1;
}
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_nistp256: hash_issuer: ", issuer);
OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_nistp256: hash: ", hash_data);
OCTETSTRING hash_to_be_verified;
hash_sha256(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_nistp256: hash_to_be_verified: ", hash_to_be_verified);
std::vector<unsigned char> hash_issuer(static_cast<const unsigned char*>(issuer), issuer.lengthof() + static_cast<const unsigned char*>(issuer)); // Hash (Signer identifier input)
loggers::get_instance().log_to_hexa("security_services::verify_sign_ecdsa_nistp256: hash_issuer: ", hash_issuer.data(), hash_issuer.size());
std::vector<unsigned char> hash_data(static_cast<const unsigned char *>(p_hash), static_cast<const unsigned char *>(p_hash) + p_hash.lengthof());
hash_data.insert(hash_data.end(), hash_issuer.cbegin(), hash_issuer.cend()); // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_to_hexa("security_services::verify_sign_ecdsa_nistp256: hash: ", hash_data.data(), hash_data.size());
sha256 sha;
std::vector<unsigned char> hash_to_be_verified;
sha.generate(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_to_hexa("security_services::verify_sign_ecdsa_nistp256: hash_to_be_verified: ", hash_to_be_verified.data(), hash_to_be_verified.size());
 
// Build the signature
OCTETSTRING signature;
OCTETSTRING os;
if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_x__only)) {
signature = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig();
os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig();
} else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
signature = p_signature.ecdsaNistP256Signature().rSig().compressed__y__0() + p_signature.ecdsaNistP256Signature().sSig();
os = p_signature.ecdsaNistP256Signature().rSig().compressed__y__0() + p_signature.ecdsaNistP256Signature().sSig();
} else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
signature = p_signature.ecdsaNistP256Signature().rSig().compressed__y__1() + p_signature.ecdsaNistP256Signature().sSig();
os = p_signature.ecdsaNistP256Signature().rSig().compressed__y__1() + p_signature.ecdsaNistP256Signature().sSig();
} else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
signature = p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().x() + p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().y() + p_signature.ecdsaNistP256Signature().sSig();
os = p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().x() + p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().y() + p_signature.ecdsaNistP256Signature().sSig();
} else {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256 (%s): Invalid curve point", p_certificate_id.c_str());
return -1;
}
security_ecc k(ec_elliptic_curves::nist_p_256, public_key_x, public_key_y);
std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof());
std::vector<unsigned char> key_x(static_cast<const unsigned char *>(public_key_x), static_cast<const unsigned char *>(public_key_x) + public_key_x.lengthof());
std::vector<unsigned char> key_y(static_cast<const unsigned char *>(public_key_y), static_cast<const unsigned char *>(public_key_y) + public_key_y.lengthof());
security_ecc k(ec_elliptic_curves::nist_p_256, key_x, key_y);
if (k.sign_verif(hash_to_be_verified, signature) == 0) {
return 0;
}
780,15 → 816,17
if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) {
if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
p_public_comp_key = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().compressed__y__0();
security_ecc ecc(ec_elliptic_curves::nist_p_256, p_public_comp_key, ecc_compressed_mode::compressed_y_0);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_comp_key), p_public_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_comp_key));
security_ecc ecc(ec_elliptic_curves::nist_p_256, comp_key, ecc_compressed_mode::compressed_y_0);
p_public_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_comp_key_mode = INTEGER(0);
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().compressed__y__1();
security_ecc ecc(ec_elliptic_curves::nist_p_256, p_public_comp_key, ecc_compressed_mode::compressed_y_1);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_comp_key), p_public_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_comp_key));
security_ecc ecc(ec_elliptic_curves::nist_p_256, comp_key, ecc_compressed_mode::compressed_y_1);
p_public_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_comp_key_mode = INTEGER(1);
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_key_x = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().uncompressedP256().x();
800,15 → 838,17
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) {
if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
p_public_comp_key = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().compressed__y__0();
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p_public_comp_key, ecc_compressed_mode::compressed_y_0);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_comp_key), p_public_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_comp_key));
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, comp_key, ecc_compressed_mode::compressed_y_0);
p_public_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_comp_key_mode = INTEGER(0);
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().compressed__y__1();
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p_public_comp_key, ecc_compressed_mode::compressed_y_1);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_comp_key), p_public_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_comp_key));
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, comp_key, ecc_compressed_mode::compressed_y_1);
p_public_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_comp_key_mode = INTEGER(1);
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_key_x = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().uncompressedP256().x();
815,15 → 855,17
p_public_key_y = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().uncompressedP256().y();
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP384r1)) {
p_public_comp_key = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP384r1().compressed__y__0();
security_ecc ecc(ec_elliptic_curves::brainpool_p_384_r1, p_public_comp_key, ecc_compressed_mode::compressed_y_0);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_comp_key), p_public_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_comp_key));
security_ecc ecc(ec_elliptic_curves::brainpool_p_384_r1, comp_key, ecc_compressed_mode::compressed_y_0);
p_public_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_comp_key_mode = INTEGER(0);
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP384r1().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP384r1().compressed__y__1();
security_ecc ecc(ec_elliptic_curves::brainpool_p_384_r1, p_public_comp_key, ecc_compressed_mode::compressed_y_1);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_comp_key), p_public_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_comp_key));
security_ecc ecc(ec_elliptic_curves::brainpool_p_384_r1, comp_key, ecc_compressed_mode::compressed_y_1);
p_public_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_comp_key_mode = INTEGER(1);
} else if (p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP384r1().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) {
p_public_key_x = p_cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP384r1().uncompressedP384().x();
848,15 → 890,17
if (p.publicKey().ischosen(IEEE1609dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesNistP256)) {
if (p.publicKey().eciesNistP256().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
p_public_enc_comp_key = p.publicKey().eciesNistP256().compressed__y__0();
security_ecc ecc(ec_elliptic_curves::nist_p_256, p_public_enc_comp_key, ecc_compressed_mode::compressed_y_0);
p_public_enc_key_x = ecc.public_key_x();
p_public_enc_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_enc_comp_key), p_public_enc_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_enc_comp_key));
security_ecc ecc(ec_elliptic_curves::nist_p_256, comp_key, ecc_compressed_mode::compressed_y_0);
p_public_enc_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_enc_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_enc_comp_key_mode = INTEGER(0);
} else if (p.publicKey().eciesNistP256().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
const OCTETSTRING& p_public_enc_comp_key = p.publicKey().eciesNistP256().compressed__y__1();
security_ecc ecc(ec_elliptic_curves::nist_p_256, p_public_enc_comp_key, ecc_compressed_mode::compressed_y_1);
p_public_enc_key_x = ecc.public_key_x();
p_public_enc_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_enc_comp_key), p_public_enc_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_enc_comp_key));
security_ecc ecc(ec_elliptic_curves::nist_p_256, comp_key, ecc_compressed_mode::compressed_y_1);
p_public_enc_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_enc_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_enc_comp_key_mode = INTEGER(1);
} else if (p.publicKey().eciesNistP256().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_enc_key_x = p.publicKey().eciesNistP256().uncompressedP256().x();
868,15 → 912,17
} else if (p.publicKey().ischosen(IEEE1609dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesBrainpoolP256r1)) {
if (p.publicKey().eciesBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
p_public_enc_comp_key = p.publicKey().eciesBrainpoolP256r1().compressed__y__0();
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p_public_enc_comp_key, ecc_compressed_mode::compressed_y_0);
p_public_enc_key_x = ecc.public_key_x();
p_public_enc_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_enc_comp_key), p_public_enc_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_enc_comp_key));
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, comp_key, ecc_compressed_mode::compressed_y_0);
p_public_enc_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_enc_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_enc_comp_key_mode = INTEGER(0);
} else if (p.publicKey().eciesBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
p_public_enc_comp_key = p.publicKey().eciesBrainpoolP256r1().compressed__y__1();
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p_public_enc_comp_key, ecc_compressed_mode::compressed_y_1);
p_public_enc_key_x = ecc.public_key_x();
p_public_enc_key_y = ecc.public_key_y();
std::vector<unsigned char> comp_key(static_cast<const unsigned char *>(p_public_enc_comp_key), p_public_enc_comp_key.lengthof() + static_cast<const unsigned char *>(p_public_enc_comp_key));
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, comp_key, ecc_compressed_mode::compressed_y_1);
p_public_enc_key_x = OCTETSTRING(ecc.public_key_x().size(), ecc.public_key_x().data());
p_public_enc_key_y = OCTETSTRING(ecc.public_key_y().size(), ecc.public_key_y().data());
p_public_enc_comp_key_mode = INTEGER(1);
} else if (p.publicKey().eciesBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_enc_key_x = p.publicKey().eciesBrainpoolP256r1().uncompressedP256().x();
922,9 → 968,8
if (result == -1) { // Not found in current DB
if (_security_cache.get()->get_certificate_id(hashed_id8, p_certificate_id) == -1) { // Not found in TS cache
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
// const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
// p_certificate_id = converter::get_instance().bytes_to_hexa(v);
p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
p_certificate_id = converter::get_instance().bytes_to_hexa(v);
// Add it into the cache
OCTETSTRING public_key_x, public_key_y, public_comp_key;
INTEGER public_comp_key_mode;
970,9 → 1015,8
if (result == -1) {
if (_security_cache.get()->get_certificate_id(hashed_id8, p_certificate_id) == -1) {
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
// const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
// p_certificate_id = converter::get_instance().bytes_to_hexa(v);
p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
p_certificate_id = converter::get_instance().bytes_to_hexa(v);
// Add it into the cache
OCTETSTRING public_key_x, public_key_y, public_comp_key;
INTEGER public_comp_key_mode;
/branches/STF525/ccsrc/Protocols/Security/security_services.hh
8,21 → 8,20
 
#include "security_ecc.hh"
 
class OCTETSTRING; //! TITAN forward declaration
class CHARSTRING; //! TITAN forward declaration
class OCTETSTRING;
class CHARSTRING;
 
namespace IEEE1609dot2BaseTypes {
class HashAlgorithm; //! TITAN forward declaration
class Signature; //! TITAN forward declaration
}
class HashAlgorithm;
class Signature;}
 
namespace IEEE1609dot2 {
class Ieee1609Dot2Data; //! TITAN forward declaration
class Ieee1609Dot2Content; //! TITAN forward declaration
class ToBeSignedData; //! TITAN forward declaration
class SignedData; //! TITAN forward declaration
class EncryptedData; //! TITAN forward declaration
class SignerIdentifier; //! TITAN forward declaration
class Ieee1609Dot2Data;
class Ieee1609Dot2Content;
class ToBeSignedData;
class SignedData;
class EncryptedData;
class SignerIdentifier;
}
 
/*!
46,7 → 45,7
std::unique_ptr<security_cache> _security_cache;
std::unique_ptr<security_db> _security_db;
unsigned long long _last_generation_time;
OCTETSTRING _unknown_certificate;
std::vector<unsigned char> _unknown_certificate;
int _latitude;
int _longitude;
int _elevation;
/branches/STF525/etc/TestCodec/TestCodec.cfg
277,15 → 277,15
#TestCodec_SecuredFuntions.tc_f_signWithEcdsaNistp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_2
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_3
#TestCodec_SecuredFuntions.tc_f_signWithEcdsaBrainpoolp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp256WithSha256_2
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp256WithSha256_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp256WithSha256_3
#TestCodec_SecuredFuntions.tc_f_signWithEcdsaBrainpoolp384WithSha384_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_2
TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3
#TestCodec_SecuredFuntions.tc_load_certificates
#TestCodec_SecuredFuntions.tc_read_certificate_1
#TestCodec_SecuredFuntions.tc_read_certificate_2
325,9 → 325,9
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
# Pki
#TestCodec_Pki.tc_inner_ec_request_1
#TestCodec_Pki.tc_inner_ec_request_2
#TestCodec_Pki.tc_inner_ec_response_1
TestCodec_Pki.tc_inner_ec_request_1
TestCodec_Pki.tc_inner_ec_request_2
TestCodec_Pki.tc_inner_ec_response_1
 
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
/branches/STF525/ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
366,15 → 366,11
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
} else {
setverdict(pass);
}
v_sig_wrong := v_sig;
381,14 → 377,10
v_sig_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
} else {
setverdict(pass);
}
v_publicKeyX_wrong := v_publicKeyCompressed;
579,14 → 571,10
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1('0A0A0A0A'O, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
v_sig_wrong := v_sig;
593,8 → 581,6
v_sig_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
v_publicKeyX_wrong := v_publicKeyX;
725,19 → 711,13
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(v_encMsg, int2oct(10, 48), v_private_key);
if (f_verifyWithEcdsaBrainpoolp384WithSha384(v_encMsg, int2oct(10, 48), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaBrainpoolp384WithSha384_1(v_encMsg, int2oct(10, 48), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaBrainpoolp384WithSha384_1('0A0A0A0A'O, int2oct(10, 48), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
v_sig_wrong := v_sig;
744,8 → 724,6
v_sig_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaBrainpoolp384WithSha384_1(v_encMsg, int2oct(10, 48), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
v_publicKeyX_wrong := v_publicKeyCompressed;
752,8 → 730,6
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaBrainpoolp384WithSha384(v_encMsg, int2oct(10, 48), v_sig, v_publicKeyX_wrong, v_compressedMode) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
v_publicKeyX_wrong := v_publicKeyX;
v_publicKeyX_wrong[0] := 'FF'O;