Compare Revisions

The credentials to download the source code are:
 Username: svnusers
 Password: svnusers

Ignore whitespace Rev 3341 → Rev 3342

/branches/STF525/ccsrc/Externals/LibItsSecurity_externals.cc
1,3 → 1,13
/*!
* \file LibItsSecurity_Functions.cc
* \brief Source file for Security externl functions.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include "LibItsSecurity_Functions.hh"
 
#include "sha256.hh"
20,7 → 30,7
/**
* \fn OCTETSTRING fx_hashWithSha256(const OCTETSTRING& p__toBeHashedData);
* \brief Produces a 256-bit (32-byte) hash value
* \brief Produces a 256-bit (32-bytes) hash value
* \param[in] p__toBeHashedData The data to be used to calculate the hash value
* \return The hash value
*/
28,17 → 38,17
const OCTETSTRING& p__toBeHashedData
) {
loggers::get_instance().log_msg(">>> fx__hashWithSha256: p__toBeHashedData= ", p__toBeHashedData);
 
sha256 hash;
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeHashedData), p__toBeHashedData.lengthof() + static_cast<const unsigned char *>(p__toBeHashedData));
std::vector<unsigned char> hashData;
hash.generate(tbh, hashData);
loggers::get_instance().log_to_hexa("fx__hashWithSha256: hashData= ", hashData.data(), hashData.size());
return OCTETSTRING(hashData.size(), hashData.data());
OCTETSTRING hashData;
hash.generate(p__toBeHashedData, hashData);
loggers::get_instance().log_msg("fx__hashWithSha256: hashData= ", hashData);
return hashData;
} // End of function fx__hashWithSha256
 
/**
* \fn OCTETSTRING fx_hashWithSha384(const OCTETSTRING& p__toBeHashedData);
* \brief Produces a 384-bit (48-byte) hash value
* \brief Produces a 384-bit (48-bytes) hash value
* \param[in] p__toBeHashedData Data to be used to calculate the hash value
* \return The hash value
*/
46,10 → 56,10
const OCTETSTRING& p__toBeHashedData
) {
sha384 hash;
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeHashedData), p__toBeHashedData.lengthof() + static_cast<const unsigned char *>(p__toBeHashedData));
std::vector<unsigned char> hashData;
hash.generate(tbh, hashData);
return OCTETSTRING(hashData.size(), hashData.data());
OCTETSTRING hashData;
hash.generate(p__toBeHashedData, hashData);
loggers::get_instance().log_msg("fx__hashWithSha384: hashData= ", hashData);
return hashData;
} // End of function fx__hashWithSha384
 
/**
72,42 → 82,39
// Sanity checks
if ((p__certificateIssuer.lengthof() != 32) || (p__privateKey.lengthof() != 32)) {
loggers::get_instance().log("fx__signWithEcdsaNistp256WithSha256: Wrong parameters");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
// Calculate the SHA256 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha256 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
hash.generate(tbs, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeSignedSecuredMessage, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash (Data input) || Hash (Signer identifier input)=", hashData1.data(), hashData1.size());
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__signWithEcdsaNistp256WithSha256: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__signWithEcdsaNistp256WithSha256: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_msg("fx__signWithEcdsaNistp256WithSha256: Hash (Data input) || Hash (Signer identifier input)=", hashData1);
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__signWithEcdsaNistp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Calculate the signature
std::vector<unsigned char> p_key(static_cast<const unsigned char *>(p__privateKey), static_cast<const unsigned char *>(p__privateKey) + p__privateKey.lengthof());
security_ecc k(ec_elliptic_curves::nist_p_256, p_key);
std::vector<unsigned char> r_sig;
std::vector<unsigned char> s_sig;
security_ecc k(ec_elliptic_curves::nist_p_256, p__privateKey);
OCTETSTRING r_sig;
OCTETSTRING s_sig;
if (k.sign(hashData, r_sig, s_sig) == 0) {
OCTETSTRING os(r_sig.size(), r_sig.data());
// loggers::get_instance().log_to_hexa("r_sig= ", os);
// loggers::get_instance().log_to_hexa("s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data());
os += OCTETSTRING(s_sig.size(), s_sig.data());
// loggers::get_instance().log_to_hexa("sig= ", os);
OCTETSTRING os = r_sig + s_sig;
loggers::get_instance().log_msg("r_sig= ", r_sig);
loggers::get_instance().log_msg("s_sig= ", s_sig);
loggers::get_instance().log_msg("sig= ", os);
return os;
}
 
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
 
/**
126,41 → 133,38
// Sanity checks
if ((p__certificateIssuer.lengthof() != 32) || (p__privateKey.lengthof() != 32)) {
loggers::get_instance().log("fx__signWithEcdsaBrainpoolp256WithSha256: Wrong parameters");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
// Calculate the SHA256 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha256 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
hash.generate(tbs, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeSignedSecuredMessage, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp256WithSha256: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp256WithSha256: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp256WithSha256: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp256WithSha256: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Calculate the signature
std::vector<unsigned char> p_key(static_cast<const unsigned char *>(p__privateKey), static_cast<const unsigned char *>(p__privateKey) + p__privateKey.lengthof());
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, p_key);
std::vector<unsigned char> r_sig;
std::vector<unsigned char> s_sig;
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, p__privateKey);
OCTETSTRING r_sig;
OCTETSTRING s_sig;
if (k.sign(hashData, r_sig, s_sig) == 0) {
OCTETSTRING os(r_sig.size(), r_sig.data());
// loggers::get_instance().log_to_hexa("r_sig= ", os);
// loggers::get_instance().log_to_hexa("s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data());
os += OCTETSTRING(s_sig.size(), s_sig.data());
// loggers::get_instance().log_to_hexa("sig= ", os);
OCTETSTRING os = r_sig + s_sig;
loggers::get_instance().log_msg("r_sig= ", r_sig);
loggers::get_instance().log_msg("s_sig= ", s_sig);
loggers::get_instance().log_msg("sig= ", os);
return os;
}
 
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
 
/**
179,41 → 183,38
// Sanity checks
if ((p__certificateIssuer.lengthof() != 48) || (p__privateKey.lengthof() != 48)) {
loggers::get_instance().log("fx__signWithEcdsaBrainpoolp384WithSha384: Wrong parameters");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
// Calculate the SHA384 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha384 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
hash.generate(tbs, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeSignedSecuredMessage, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 48)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha384_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp384WithSha384: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp384WithSha384: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Calculate the signature
std::vector<unsigned char> p_key(static_cast<const unsigned char *>(p__privateKey), static_cast<const unsigned char *>(p__privateKey) + p__privateKey.lengthof());
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, p_key);
std::vector<unsigned char> r_sig;
std::vector<unsigned char> s_sig;
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, p__privateKey);
OCTETSTRING r_sig;
OCTETSTRING s_sig;
if (k.sign(hashData, r_sig, s_sig) == 0) {
OCTETSTRING os(r_sig.size(), r_sig.data());
//loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: r_sig= ", os);
//loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data()));
os += OCTETSTRING(s_sig.size(), s_sig.data());
//loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: sig= ", os);
OCTETSTRING os = r_sig + s_sig;
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp384WithSha384: r_sig= ", r_sig);
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp384WithSha384: s_sig= ", s_sig);
loggers::get_instance().log_msg("fx__signWithEcdsaBrainpoolp384WithSha384: sig= ", os);
return os;
}
 
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
 
/**
240,26 → 241,23
 
// Calculate the SHA256 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha256 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
hash.generate(tbh, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeVerifiedData, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaNistp256WithSha256: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaNistp256WithSha256: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp256WithSha256: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp256WithSha256: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaNistp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Check the signature
std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
std::vector<unsigned char> pub_key_compressed(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyCompressed), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyCompressed) + p__ecdsaNistp256PublicKeyCompressed.lengthof());
security_ecc k(ec_elliptic_curves::nist_p_256, pub_key_compressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (k.sign_verif(hashData, signature) == 0) {
security_ecc k(ec_elliptic_curves::nist_p_256, p__ecdsaNistp256PublicKeyCompressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (k.sign_verif(hashData, p__signature) == 0) {
return TRUE;
}
 
291,28 → 289,24
 
// Calculate the SHA256 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha256 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
hash.generate(tbh, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeVerifiedData, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaNistp256WithSha256__1: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaNistp256WithSha256__1: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp256WithSha256__1: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp256WithSha256__1: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaNistp256WithSha256__1: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp256WithSha256__1: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Check the signature
std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof());
std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof());
security_ecc k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y);
security_ecc k(ec_elliptic_curves::nist_p_256, p__ecdsaNistp256PublicKeyX, p__ecdsaNistp256PublicKeyY);
//security_ecc k(ec_elliptic_curves::nist_p_256);
if (k.sign_verif(hashData, signature) == 0) {
if (k.sign_verif(hashData, p__signature) == 0) {
return TRUE;
}
 
343,26 → 337,23
 
// Calculate the SHA256 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha256 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
hash.generate(tbh, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeVerifiedData, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp256WithSha256: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp256WithSha256: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp256WithSha256: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp256WithSha256: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Check the signature
std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
std::vector<unsigned char> pub_key_compressed(static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyCompressed), static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyCompressed) + p__ecdsaBrainpoolp256PublicKeyCompressed.lengthof());
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, pub_key_compressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (k.sign_verif(hashData, signature) == 0) {
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, p__ecdsaBrainpoolp256PublicKeyCompressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (k.sign_verif(hashData, p__signature) == 0) {
return TRUE;
}
 
394,27 → 385,23
 
// Calculate the SHA256 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha256 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
hash.generate(tbh, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeVerifiedData, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Check the signature
std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyX) + p__ecdsaBrainpoolp256PublicKeyX.lengthof());
std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyY) + p__ecdsaBrainpoolp256PublicKeyY.lengthof());
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, pub_key_x, pub_key_y);
if (k.sign_verif(hashData, signature) == 0) {
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, p__ecdsaBrainpoolp256PublicKeyX, p__ecdsaBrainpoolp256PublicKeyY);
if (k.sign_verif(hashData, p__signature) == 0) {
return TRUE;
}
 
445,26 → 432,23
 
// Calculate the SHA384 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha384 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
hash.generate(tbh, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeVerifiedData, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 48)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha384_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Check the signature
std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
std::vector<unsigned char> pub_key_compressed(static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyCompressed), static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyCompressed) + p__ecdsaBrainpoolp384PublicKeyCompressed.lengthof());
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, pub_key_compressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (k.sign_verif(hashData, signature) == 0) {
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, p__ecdsaBrainpoolp384PublicKeyCompressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (k.sign_verif(hashData, p__signature) == 0) {
return TRUE;
}
 
496,27 → 480,23
 
// Calculate the SHA384 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )
sha384 hash;
std::vector<unsigned char> hashData1; // Hash (Data input)
std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
hash.generate(tbh, hashData1);
std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
OCTETSTRING hashData1; // Hash (Data input)
hash.generate(p__toBeVerifiedData, hashData1);
OCTETSTRING hashData2; // Hash (Signer identifier input)
if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
hashData2 = p__certificateIssuer;
} else {
hashData2 = hash.get_sha384_empty_string(); // Hash of empty string
}
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Data input)=", hashData1.data(), hashData1.size());
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Data input)=", hashData1);
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash (Signer identifier input)=", hashData2);
hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)
OCTETSTRING hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
hash.generate(hashData1, hashData);
loggers::get_instance().log_to_hexa("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
loggers::get_instance().log_msg("fx__verifyWithEcdsaBrainpoolp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);
// Check the signature
std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyX), static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyX) + p__ecdsaBrainpoolp384PublicKeyX.lengthof());
std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyY), static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyY) + p__ecdsaBrainpoolp384PublicKeyY.lengthof());
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, pub_key_x, pub_key_y);
if (k.sign_verif(hashData, signature) == 0) {
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, p__ecdsaBrainpoolp384PublicKeyX, p__ecdsaBrainpoolp384PublicKeyY);
if (k.sign_verif(hashData, p__signature) == 0) {
return TRUE;
}
 
534,18 → 514,14
loggers::get_instance().log(">>> fx__test__hmac__sha256");
 
hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm
std::vector<unsigned char> k(static_cast<const unsigned char *>(p__k), p__k.lengthof() + static_cast<const unsigned char *>(p__k));
std::vector<unsigned char> m(static_cast<const unsigned char *>(p__m), p__m.lengthof() + static_cast<const unsigned char *>(p__m));
std::vector<unsigned char> t;
if (h.generate(m, k, t) == -1) {
OCTETSTRING t;
if (h.generate(p__m, p__k, t) == -1) {
loggers::get_instance().warning("fx__test__hmac__sha256: Failed to generate HMAC");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
loggers::get_instance().log_msg("fx__test__hmac__sha256: HMAC: ", t);
 
OCTETSTRING os(t.size(), t.data());
loggers::get_instance().log_to_hexa("fx__test__hmac__sha256: HMAC: ", os);
 
return os;
return t;
}
 
/**
560,18 → 536,13
loggers::get_instance().log(">>> fx__test__encrypt__aes__128__ccm__test");
security_ecc ec(ec_elliptic_curves::nist_p_256);
std::vector<unsigned char> k(static_cast<const unsigned char *>(p__k), p__k.lengthof() + static_cast<const unsigned char *>(p__k));
std::vector<unsigned char> n(static_cast<const unsigned char *>(p__n), p__n.lengthof() + static_cast<const unsigned char *>(p__n));
std::vector<unsigned char> pt(static_cast<const unsigned char *>(p__pt), p__pt.lengthof() + static_cast<const unsigned char *>(p__pt));
 
std::vector<unsigned char> enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, k, n, pt, enc_message) == -1) {
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, p__pt, enc_message) == -1) {
loggers::get_instance().warning("fx__test__encrypt__aes__128__ccm__test: Failed to encrypt message");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
OCTETSTRING os(enc_message.size(), enc_message.data());
os = os + OCTETSTRING(ec.tag().size(), ec.tag().data());
loggers::get_instance().log_to_hexa("fx__test__encrypt__aes__128__ccm__test: encrypted message: ", os);
OCTETSTRING os(enc_message + ec.tag());
loggers::get_instance().log_msg("fx__test__encrypt__aes__128__ccm__test: encrypted message: ", os);
 
return os;
}
588,25 → 559,20
loggers::get_instance().log(">>> fx__test__decrypt__aes__128__ccm__test");
security_ecc ec(ec_elliptic_curves::nist_p_256);
std::vector<unsigned char> k(static_cast<const unsigned char *>(p__k), p__k.lengthof() + static_cast<const unsigned char *>(p__k));
std::vector<unsigned char> n(static_cast<const unsigned char *>(p__n), p__n.lengthof() + static_cast<const unsigned char *>(p__n));
std::vector<unsigned char> ct(static_cast<const unsigned char *>(p__ct), p__ct.lengthof() + static_cast<const unsigned char *>(p__ct));
// Extract the tag
std::vector<unsigned char> tag(16, 0x00);
std::copy(ct.end() - tag.size(), ct.end(), tag.begin());
loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: tag: ", tag.data(), tag.size());
OCTETSTRING tag(16, static_cast<const unsigned char*>(p__ct) - 16);
loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: tag: ", tag);
// Remove the tag from the end of the encrypted message
ct.resize(ct.size() - tag.size());
OCTETSTRING ct(p__ct.lengthof() - 16, static_cast<const unsigned char*>(p__ct));
std::vector<unsigned char> message;
if (ec.decrypt(encryption_algotithm::aes_128_ccm, k, n, tag, ct, message) == -1) {
OCTETSTRING message;
if (ec.decrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, tag, p__ct, message) == -1) {
loggers::get_instance().warning("fx__test__decrypt__aes__128__ccm__test: Failed to decrypt message");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
OCTETSTRING os(message.size(), message.data());
loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: decrypted message: ", os);
loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: decrypted message: ", message);
return os;
return message;
}
/**
635,43 → 601,40
security_ecc ec(ec_elliptic_curves::nist_p_256);
if (ec.generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
// 2. Generate and derive shared secret
std::vector<unsigned char> recipients_public_comp_key(static_cast<const unsigned char *>(p__recipientsPublicKeyCompressed), p__recipientsPublicKeyCompressed.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyCompressed));
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, recipients_public_comp_key, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
// Set the encrypted symmetric key
p__encrypted__sym__key = OCTETSTRING(ec.encrypted_symmetric_key().size(), ec.encrypted_symmetric_key().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key);
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
p__authentication__vector = OCTETSTRING(ec.tag().size(), ec.tag().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
p__authentication__vector = ec.tag();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
// Set ephemeral public keys
p__publicEphemeralKeyCompressed = OCTETSTRING(ec.public_key_compressed().size(), ec.public_key_compressed().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
p__publicEphemeralKeyCompressed = ec.public_key_compressed();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
// 3. Retrieve AES 128 parameters
p__nonce = OCTETSTRING(ec.nonce().size(), ec.nonce().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
OCTETSTRING enc_symm_key = OCTETSTRING(ec.symmetric_encryption_key().size(), ec.symmetric_encryption_key().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc_symm_key: ", enc_symm_key);
p__nonce = ec.nonce();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
OCTETSTRING enc_symm_key = ec.symmetric_encryption_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: enc_symm_key: ", enc_symm_key);
// 4. Encrypt the data using AES-128 CCM
std::vector<unsigned char> message(static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage), p__toBeEncryptedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage));
std::vector<unsigned char> enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), message, enc_message) == -1) {
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to encrypt message");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
enc_message.insert(enc_message.end(), std::make_move_iterator(ec.tag().begin()), std::make_move_iterator(ec.tag().end()));
OCTETSTRING os(enc_message.size(), enc_message.data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc message||Tag: ", os);
enc_message += ec.tag();
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc message||Tag: ", enc_message);
return os;
return enc_message;
}
 
/**
700,35 → 663,28
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
 
// 1. Create security_ecc instance
std::vector<unsigned char> private_enc_key(static_cast<const unsigned char*>(p__privateEncKey), p__privateEncKey.lengthof() + static_cast<const unsigned char*>(p__privateEncKey));
security_ecc ec(ec_elliptic_curves::nist_p_256, private_enc_key);
std::vector<unsigned char> ephemeral_public_comp_key(static_cast<const unsigned char*>(p__publicEphemeralKeyCompressed), p__publicEphemeralKeyCompressed.lengthof() + static_cast<const unsigned char*>(p__publicEphemeralKeyCompressed));
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, ephemeral_public_comp_key, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEncKey);
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
// 2. Generate the shared secret value based on recipient's public ephemeral keys will be required
std::vector<unsigned char> enc_sym_key(static_cast<const unsigned char*>(p__encrypted__sym__key), p__encrypted__sym__key.lengthof() + static_cast<const unsigned char*>(p__encrypted__sym__key));
std::vector<unsigned char> nonce(static_cast<const unsigned char*>(p__nonce), p__nonce.lengthof() + static_cast<const unsigned char*>(p__nonce));
std::vector<unsigned char> authentication_vector(static_cast<const unsigned char*>(p__authentication__vector), p__authentication__vector.lengthof() + static_cast<const unsigned char*>(p__authentication__vector));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, private_enc_key, ec_comp.public_key_x(), ec_comp.public_key_y(), enc_sym_key, nonce, authentication_vector) == -1) {
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) {
loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
// Decrypt the message
std::vector<unsigned char> enc_message(static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
loggers::get_instance().log_to_hexa("fx__decryptWithEciesNistp256WithSha256: enc_message: ", enc_message.data(), enc_message.size());
std::vector<unsigned char> tag(p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
loggers::get_instance().log_to_hexa("fx__decryptWithEciesNistp256WithSha256: tag: ", tag.data(), tag.size());
std::vector<unsigned char> message;
OCTETSTRING enc_message(p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage)); // Extract the encrypted message
loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: enc_message: ", enc_message); // Extract the ctag value
OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(enc_message) + p__encryptedSecuredMessage.lengthof());
loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: tag: ", tag);
OCTETSTRING message;
if (ec.decrypt(tag, enc_message, message) == -1) {
loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: dec message: ", message);
OCTETSTRING os(message.size(), message.data());
loggers::get_instance().log_to_hexa("fx__decryptWithEciesNistp256WithSha256: dec message: ", os);
return os;
return message;
}
OCTETSTRING fx__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
739,44 → 695,41
// 1. Generate new Private/Public key
security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1);
if (ec.generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING();
loggers::get_instance().warning(": Failed to generate ephemeral keys");
return OCTETSTRING(0, nullptr);
}
// 2. Generate and derive shared secret
std::vector<unsigned char> recipients_public_comp_key(static_cast<const unsigned char *>(p__recipientsPublicKeyCompressed), p__recipientsPublicKeyCompressed.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyCompressed));
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, recipients_public_comp_key, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING();
loggers::get_instance().warning(": Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
// Set the encrypted symmetric key
p__encrypted__sym__key = OCTETSTRING(ec.encrypted_symmetric_key().size(), ec.encrypted_symmetric_key().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key);
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg(": Encrypted symmetric key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
p__authentication__vector = OCTETSTRING(ec.tag().size(), ec.tag().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
p__authentication__vector = ec.tag();
loggers::get_instance().log_msg(": p__authentication__vector: ", p__authentication__vector);
// Set ephemeral public keys
p__publicEphemeralKeyCompressed = OCTETSTRING(ec.public_key_compressed().size(), ec.public_key_compressed().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
p__publicEphemeralKeyCompressed = ec.public_key_compressed();
loggers::get_instance().log_msg(": Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
loggers::get_instance().log(": Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
// 3. Retrieve AES 128 parameters
p__nonce = OCTETSTRING(ec.nonce().size(), ec.nonce().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
OCTETSTRING enc_symm_key = OCTETSTRING(ec.symmetric_encryption_key().size(), ec.symmetric_encryption_key().data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: enc_symm_key: ", enc_symm_key);
p__nonce = ec.nonce();
loggers::get_instance().log_msg(": p__nonce: ", p__nonce);
OCTETSTRING enc_symm_key = ec.symmetric_encryption_key();
loggers::get_instance().log_msg(": enc_symm_key: ", enc_symm_key);
// 4. Encrypt the data using AES-128 CCM
std::vector<unsigned char> message(static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage), p__toBeEncryptedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage));
std::vector<unsigned char> enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), message, enc_message) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to encrypt message");
return OCTETSTRING();
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
loggers::get_instance().warning(": Failed to encrypt message");
return OCTETSTRING(0, nullptr);
}
enc_message.insert(enc_message.end(), std::make_move_iterator(ec.tag().begin()), std::make_move_iterator(ec.tag().end()));
OCTETSTRING os(enc_message.size(), enc_message.data());
loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: enc message||Tag: ", os);
enc_message += ec.tag();
loggers::get_instance().log_to_hexa(": enc message||Tag: ", enc_message);
 
return os;
return enc_message;
}
 
OCTETSTRING fx__decryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) {
789,35 → 742,28
loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
 
// 1. Create security_ecc instance
std::vector<unsigned char> private_enc_key(static_cast<const unsigned char*>(p__privateEncKey), p__privateEncKey.lengthof() + static_cast<const unsigned char*>(p__privateEncKey));
security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, private_enc_key);
std::vector<unsigned char> ephemeral_public_comp_key(static_cast<const unsigned char*>(p__publicEphemeralKeyCompressed), p__publicEphemeralKeyCompressed.lengthof() + static_cast<const unsigned char*>(p__publicEphemeralKeyCompressed));
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, ephemeral_public_comp_key, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, p__privateEncKey);
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
 
// 2. Generate the shared secret value based on recipient's public ephemeral keys will be required
std::vector<unsigned char> enc_sym_key(static_cast<const unsigned char*>(p__encrypted__sym__key), p__encrypted__sym__key.lengthof() + static_cast<const unsigned char*>(p__encrypted__sym__key));
std::vector<unsigned char> nonce(static_cast<const unsigned char*>(p__nonce), p__nonce.lengthof() + static_cast<const unsigned char*>(p__nonce));
std::vector<unsigned char> authentication_vector(static_cast<const unsigned char*>(p__authentication__vector), p__authentication__vector.lengthof() + static_cast<const unsigned char*>(p__authentication__vector));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, private_enc_key, ec_comp.public_key_x(), ec_comp.public_key_y(), enc_sym_key, nonce, authentication_vector) == -1) {
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) {
loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
 
// Decypt the message
std::vector<unsigned char> enc_message(static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
loggers::get_instance().log_to_hexa("fx__decryptWithEciesBrainpoolp256WithSha256: enc_message: ", enc_message.data(), enc_message.size());
std::vector<unsigned char> tag(p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
loggers::get_instance().log_to_hexa("fx__decryptWithEciesBrainpoolp256WithSha256: tag: ", tag.data(), tag.size());
std::vector<unsigned char> message;
// Decrypt the message
OCTETSTRING enc_message(p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage)); // Extract the encrypted message
loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: enc_message: ", enc_message); // Extract the ctag value
OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(enc_message) + p__encryptedSecuredMessage.lengthof());
loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: tag: ", tag);
OCTETSTRING message;
if (ec.decrypt(tag, enc_message, message) == -1) {
loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret");
return OCTETSTRING();
return OCTETSTRING(0, nullptr);
}
loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: dec message: ", message);
 
OCTETSTRING os(message.size(), message.data());
loggers::get_instance().log_to_hexa("fx__decryptWithEciesBrainpoolp256WithSha256: dec message: ", os);
 
return os;
return message;
}
 
/**
838,33 → 784,33
) {
security_ecc k(ec_elliptic_curves::nist_p_256);
if (k.generate() != 0) {
p__privateKey = OCTETSTRING();
p__publicKeyX = OCTETSTRING();
p__publicKeyY = OCTETSTRING();
p__publicKeyCompressed = OCTETSTRING();
p__privateKey = OCTETSTRING(0, nullptr);
p__publicKeyX = OCTETSTRING(0, nullptr);
p__publicKeyY = OCTETSTRING(0, nullptr);
p__publicKeyCompressed = OCTETSTRING(0, nullptr);
return FALSE;
}
// Sanity checks
if (k.private_key().size() != 32) {
if (k.private_key().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid private key size");
return FALSE;
}
if (k.public_key_x().size() != 32) {
if (k.public_key_x().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key X-coordonate size");
return FALSE;
}
if (k.public_key_y().size() != 32) {
if (k.public_key_y().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key Y-coordonate size");
return FALSE;
}
if (k.public_key_compressed().size() != 32) {
if (k.public_key_compressed().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public compressed key size");
return FALSE;
}
p__privateKey = OCTETSTRING(k.private_key().size(), k.private_key().data());
p__publicKeyX = OCTETSTRING(k.public_key_x().size(), k.public_key_x().data());
p__publicKeyY = OCTETSTRING(k.public_key_y().size(), k.public_key_y().data());
p__publicKeyCompressed = OCTETSTRING(k.public_key_compressed().size(), k.public_key_compressed().data());
p__privateKey = k.private_key();
p__publicKeyX = k.public_key_x();
p__publicKeyY = k.public_key_y();
p__publicKeyCompressed = k.public_key_compressed();
p__compressedMode = INTEGER((int)k.public_key_compressed_mode());
return TRUE;
888,34 → 834,34
) {
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1);
if (k.generate() != 0) {
p__privateKey = OCTETSTRING();
p__publicKeyX = OCTETSTRING();
p__publicKeyY = OCTETSTRING();
p__publicKeyCompressed = OCTETSTRING();
p__privateKey = OCTETSTRING(0, nullptr);
p__publicKeyX = OCTETSTRING(0, nullptr);
p__publicKeyY = OCTETSTRING(0, nullptr);
p__publicKeyCompressed = OCTETSTRING(0, nullptr);
return FALSE;
}
 
// Sanity checks
if (k.private_key().size() != 32) {
if (k.private_key().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid private key size");
return FALSE;
}
if (k.public_key_x().size() != 32) {
if (k.public_key_x().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid public key X-coordonate size");
return FALSE;
}
if (k.public_key_y().size() != 32) {
if (k.public_key_y().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid public key Y-coordonate size");
return FALSE;
}
if (k.public_key_compressed().size() != 32) {
if (k.public_key_compressed().lengthof() != 32) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid public compressed key size");
return FALSE;
}
p__privateKey = OCTETSTRING(k.private_key().size(), k.private_key().data());
p__publicKeyX = OCTETSTRING(k.public_key_x().size(), k.public_key_x().data());
p__publicKeyY = OCTETSTRING(k.public_key_y().size(), k.public_key_y().data());
p__publicKeyCompressed = OCTETSTRING(k.public_key_compressed().size(), k.public_key_compressed().data());
p__privateKey = k.private_key();
p__publicKeyX = k.public_key_x();
p__publicKeyY = k.public_key_y();
p__publicKeyCompressed = k.public_key_compressed();
p__compressedMode = INTEGER((int)k.public_key_compressed_mode());
return TRUE;
939,34 → 885,34
) {
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1);
if (k.generate() != 0) {
p__privateKey = OCTETSTRING();
p__publicKeyX = OCTETSTRING();
p__publicKeyY = OCTETSTRING();
p__publicKeyCompressed = OCTETSTRING();
p__privateKey = OCTETSTRING(0, nullptr);
p__publicKeyX = OCTETSTRING(0, nullptr);
p__publicKeyY = OCTETSTRING(0, nullptr);
p__publicKeyCompressed = OCTETSTRING(0, nullptr);
return FALSE;
}
 
// Sanity checks
if (k.private_key().size() != 48) {
if (k.private_key().lengthof() != 48) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid private key size");
return FALSE;
}
if (k.public_key_x().size() != 48) {
if (k.public_key_x().lengthof() != 48) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid public key X-coordonate size");
return FALSE;
}
if (k.public_key_y().size() != 48) {
if (k.public_key_y().lengthof() != 48) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid public key Y-coordonate size");
return FALSE;
}
if (k.public_key_compressed().size() != 48) {
if (k.public_key_compressed().lengthof() != 48) {
loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid public compressed key size");
return FALSE;
}
p__privateKey = OCTETSTRING(k.private_key().size(), k.private_key().data());
p__publicKeyX = OCTETSTRING(k.public_key_x().size(), k.public_key_x().data());
p__publicKeyY = OCTETSTRING(k.public_key_y().size(), k.public_key_y().data());
p__publicKeyCompressed = OCTETSTRING(k.public_key_compressed().size(), k.public_key_compressed().data());
p__privateKey = k.private_key();
p__publicKeyX = k.public_key_x();
p__publicKeyY = k.public_key_y();
p__publicKeyCompressed = k.public_key_compressed();
p__compressedMode = INTEGER((int)k.public_key_compressed_mode());
 
return TRUE;
/branches/STF525/ccsrc/Protocols/Security/certificates_loader.cc
48,7 → 48,7
return 0;
} // End of method build_path
 
int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s) {
int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING, std::string>& p_hashed_id8s) {
loggers::get_instance().log(">>> certificates_loader::load_certificates");
 
// Sanity check
121,7 → 121,7
return 0;
} // End of method retrieve_certificates_list
 
int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s) {
int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING, std::string>& p_hashed_id8s) {
loggers::get_instance().log(">>> certificates_loader::build_certificates_cache");
 
std::set<std::experimental::filesystem::path>::const_iterator it = p_files.cbegin();
146,8 → 146,8
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching certificate '%s'", it->string().c_str());
std::ifstream is(it->string(), ios::in | ios::binary);
std::vector<unsigned char> certificate(std::experimental::filesystem::file_size(*it), 0x00);
is.read(reinterpret_cast<char *>(certificate.data()), certificate.size());
OCTETSTRING certificate = int2oct(0, std::experimental::filesystem::file_size(*it));
is.read((char *)static_cast<const unsigned char*>(certificate), certificate.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
165,14 → 165,14
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private key size is incorrect for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> private_key(size, 0x00);
is.read(reinterpret_cast<char *>(private_key.data()), private_key.size());
OCTETSTRING private_key = int2oct(0, size);
is.read((char *)static_cast<const unsigned char*>(private_key), private_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
// Load private encryption key file if present
std::vector<unsigned char> private_enc_key;
OCTETSTRING private_enc_key;
it = p_files.find(p.replace_extension(_privateEncKeyExt));
if (it != p_files.cend()) {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private encryption keys '%s'", it->string().c_str());
182,8 → 182,8
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private encryption key size is incorrect for '%s'", key.c_str());
return -1;
}
private_enc_key.resize(size, 0x00);
is.read(reinterpret_cast<char *>(private_enc_key.data()), private_enc_key.size());
private_enc_key = int2oct(0, size);
is.read((char *)static_cast<const unsigned char*>(private_enc_key), private_enc_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
196,8 → 196,7
// Try with only binary format of the certificate and the private key
etsi_ts103097_certificate_codec codec;
IEEE1609dot2::CertificateBase decoded_certificate;
OCTETSTRING os(certificate.size(), certificate.data());
codec.decode(os, decoded_certificate);
codec.decode(certificate, decoded_certificate);
if (!decoded_certificate.is_value()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to decode certificate for '%s'", key.c_str());
return -1;
208,9 → 207,9
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Wrong VerificationKeyIndicator variant for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> public_key_x;
std::vector<unsigned char> public_key_y;
std::vector<unsigned char> public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
IEEE1609dot2BaseTypes::PublicVerificationKey& b = decoded_certificate.toBeSigned().verifyKeyIndicator().verificationKey();
if (b.ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = b.ecdsaNistP256();
222,13 → 221,13
IEEE1609dot2BaseTypes::EccP384CurvePoint& p = b.ecdsaBrainpoolP384r1();
fill_public_key_vectors(p, public_comp_key, public_key_x, public_key_y);
}
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: public_key_x: ", public_key_x.data(), public_key_x.size());
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: public_key_y: ", public_key_y.data(), public_key_y.size());
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: public_comp_key: ", public_comp_key.data(), public_comp_key.size());
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_x: ", public_key_x);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_y: ", public_key_y);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_comp_key: ", public_comp_key);
std::vector<unsigned char> public_enc_key_x;
std::vector<unsigned char> public_enc_key_y;
std::vector<unsigned char> public_enc_comp_key;
OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y;
OCTETSTRING public_enc_comp_key;
if (decoded_certificate.toBeSigned().encryptionKey().ispresent()) {
IEEE1609dot2BaseTypes::PublicEncryptionKey& v = static_cast<IEEE1609dot2BaseTypes::PublicEncryptionKey&>(decoded_certificate.toBeSigned().encryptionKey());
IEEE1609dot2BaseTypes::BasePublicEncryptionKey& b = v.publicKey();
241,34 → 240,28
}
}
std::vector<unsigned char> hashed_id;
std::vector<unsigned char> issuer;
OCTETSTRING hashed_id;
OCTETSTRING issuer;
if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
std::vector<unsigned char> hash;
OCTETSTRING hash;
sha256 sha;
sha.generate(certificate, hash);
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash.data(), hash.size());
hashed_id.insert(hashed_id.begin(), hash.cend() - 8, hash.cend());
issuer.assign(
static_cast<const unsigned char*>(decoded_certificate.issuer().sha256AndDigest()),
decoded_certificate.issuer().sha256AndDigest().lengthof() + static_cast<const unsigned char*>(decoded_certificate.issuer().sha256AndDigest())
);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = decoded_certificate.issuer().sha256AndDigest();
} else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
std::vector<unsigned char> hash;
OCTETSTRING hash;
sha384 sha;
sha.generate(certificate, hash);
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash.data(), hash.size());
hashed_id.insert(hashed_id.begin(), hash.cend() - 8, hash.cend());
issuer.assign(
static_cast<const unsigned char*>(decoded_certificate.issuer().sha384AndDigest()),
decoded_certificate.issuer().sha384AndDigest().lengthof() + static_cast<const unsigned char*>(decoded_certificate.issuer().sha384AndDigest())
);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = decoded_certificate.issuer().sha384AndDigest();
} else {
hashed_id.resize(8);
issuer.resize(8);
hashed_id = int2oct(0, 8);
issuer = int2oct(0, 8);
}
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id.data(), hashed_id.size());
loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: issuer: ", issuer.data(), issuer.size());
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
// Create new record
security_db_record* p = new security_db_record(
281,10 → 274,10
public_key_x, // public keys X-coordinate
public_key_y, // public keys Y-coordinate
public_comp_key, // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
private_enc_key, // Private enciption key
public_enc_key_x, // Public enciption key X-coordinate
public_enc_key_y, // Public enciption key Y-coordinate
public_enc_comp_key // Public compressed enciption key
private_enc_key, // Private encryption key
public_enc_key_x, // Public encryption key X-coordinate
public_enc_key_y, // Public encryption key Y-coordinate
public_enc_comp_key // Public compressed encryption key
);
result = p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p)));
if (result.second == false) {
292,7 → 285,7
delete p;
return -1;
}
p_hashed_id8s.insert(std::pair<std::vector<unsigned char>, std::string>(result.first->second.get()->hashed_id(), result.first->first));
p_hashed_id8s.insert(std::pair<OCTETSTRING, std::string>(result.first->second.get()->hashed_id(), result.first->first));
// Reset pointer
it = p_files.cbegin();
307,10 → 300,10
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public keys size is incorrect for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> public_key_x(size / 2, 0x00);
is.read(reinterpret_cast<char *>(public_key_x.data()), public_key_x.size());
std::vector<unsigned char> public_key_y(size / 2, 0x00);
is.read(reinterpret_cast<char *>(public_key_y.data()), public_key_y.size());
OCTETSTRING public_key_x = int2oct(0x00, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_key_x), public_key_x.lengthof());
OCTETSTRING public_key_y = int2oct(0x00, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_key_y), public_key_y.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
328,15 → 321,15
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public compressed key size is incorrect for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> public_comp_key(size, 0x00);
is.read(reinterpret_cast<char *>(public_comp_key.data()), public_comp_key.size());
OCTETSTRING public_comp_key = int2oct(0, size);
is.read((char *)static_cast<const unsigned char*>(public_comp_key), public_comp_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
 
// Load public encryption key file
std::vector<unsigned char> public_enc_key_x;
std::vector<unsigned char> public_enc_key_y;
OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y;
it = p_files.find(p.replace_extension(_publicEncKeysExt));
if (it != p_files.cend()) {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public encryption keys '%s'", it->string().c_str());
346,16 → 339,16
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public encryption keys size is incorrect for '%s'", key.c_str());
return -1;
}
public_enc_key_x.resize(size / 2, 0x00);
is.read(reinterpret_cast<char *>(public_enc_key_x.data()), public_enc_key_x.size());
public_enc_key_y.resize(size / 2, 0x00);
is.read(reinterpret_cast<char *>(public_enc_key_y.data()), public_enc_key_y.size());
public_enc_key_x = int2oct(0, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_enc_key_x), public_enc_key_x.lengthof());
public_enc_key_y = int2oct(0, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_enc_key_y), public_enc_key_y.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
}
std::vector<unsigned char> public_enc_comp_key;
OCTETSTRING public_enc_comp_key;
it = p_files.find(p.replace_extension(_publicEncCompKeysExt));
if (it != p_files.cend()) {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public compressed encryption keys '%s'", it->string().c_str());
365,8 → 358,8
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public compressed encryption keys size is incorrect for '%s'", key.c_str());
return -1;
}
public_enc_comp_key.resize(33, 0x00);
is.read(reinterpret_cast<char *>(public_enc_comp_key.data()), public_enc_comp_key.size());
public_enc_comp_key = int2oct(0, 33);
is.read((char *)static_cast<const unsigned char*>(public_enc_comp_key), public_enc_comp_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
385,8 → 378,8
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Issuer keys file not found for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> issuer(size, 0x00);
is.read(reinterpret_cast<char *>(issuer.data()), issuer.size());
OCTETSTRING issuer = int2oct( 0, size);
is.read((char *)static_cast<const unsigned char*>(issuer), issuer.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
404,8 → 397,8
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Hashed_Id keys file not found for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> hashed_id(size, 0x00);
is.read(reinterpret_cast<char *>(hashed_id.data()), hashed_id.size());
OCTETSTRING hashed_id = int2oct( 0, size);
is.read((char *)static_cast<const unsigned char*>(hashed_id), hashed_id.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
413,32 → 406,30
// Create new record
etsi_ts103097_certificate_codec codec;
IEEE1609dot2::CertificateBase decoded_certificate;
OCTETSTRING os(certificate.size(), certificate.data());
codec.decode(os, decoded_certificate);
codec.decode(certificate, decoded_certificate);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(
new security_db_record(
key,
certificate, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer
hashed_id, // Hashed ID
private_key, // Private key
public_key_x, // public keys X-coordinate
public_key_y, // public keys Y-coordinate
public_comp_key, // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
private_enc_key, // Private enciption key
public_enc_key_x, // Public enciption key X-coordinate
public_enc_key_y, // Public enciption key Y-coordinate
public_enc_comp_key // Public compressed enciption key
))
));
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator i = p_certificates.find(key);
if (i == p_certificates.cend()) {
security_db_record* p_ = new security_db_record(
key,
certificate, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer
hashed_id, // Hashed ID
private_key, // Private key
public_key_x, // public keys X-coordinate
public_key_y, // public keys Y-coordinate
public_comp_key, // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
private_enc_key, // Private encryption key
public_enc_key_x, // Public encryption key X-coordinate
public_enc_key_y, // Public encryption key Y-coordinate
public_enc_comp_key // Public compressed encryption key
);
result = p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p_)));
if (result.second == false) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to insert new record '%s'", key.c_str());
delete p_;
return -1;
}
p_hashed_id8s.insert(std::pair<std::vector<unsigned char>, std::string>(i->second.get()->hashed_id(), i->first));
p_hashed_id8s.insert(std::pair<OCTETSTRING, std::string>(result.first->second.get()->hashed_id(), result.first->first));
// Reset pointer
it = p_files.cbegin();
459,7 → 450,7
}
loggers::get_instance().log("certificates_loader::save_certificate: Certificate file: '%s'", p.string().c_str());
std::ofstream os(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.certificate().data()), p_certificate.certificate().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.certificate()), p_certificate.certificate().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
 
472,7 → 463,7
}
loggers::get_instance().log("certificates_loader::save_certificate: Private key file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.private_key().data()), p_certificate.private_key().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.private_key()), p_certificate.private_key().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
485,8 → 476,8
}
loggers::get_instance().log("certificates_loader::save_certificate: Public keys file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.public_key_x().data()), p_certificate.public_key_x().size());
os.write(reinterpret_cast<const char *>(p_certificate.public_key_y().data()), p_certificate.public_key_y().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_key_x()), p_certificate.public_key_x().lengthof());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_key_y()), p_certificate.public_key_y().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
 
499,12 → 490,12
}
loggers::get_instance().log("certificates_loader::save_certificate: Public compressed keys file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.public_comp_key().data()), p_certificate.public_comp_key().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_comp_key()), p_certificate.public_comp_key().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
 
// Private encryption key
if (p_certificate.private_enc_key().size() != 0) {
if (p_certificate.private_enc_key().lengthof() != 0) {
p = _full_path;
p /= p_certificate.certificate_id();
p += _privateEncKeyExt;
513,11 → 504,11
}
loggers::get_instance().log("certificates_loader::save_certificate: Private encryption key file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.private_enc_key().data()), p_certificate.private_enc_key().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.private_enc_key()), p_certificate.private_enc_key().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Public encription keys
// Public encryption keys
p = _full_path;
p /= p_certificate.certificate_id();
p += _publicEncKeysExt;
526,8 → 517,8
}
loggers::get_instance().log("certificates_loader::save_certificate: Public encryption keys file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.public_enc_key_x().data()), p_certificate.public_enc_key_x().size());
os.write(reinterpret_cast<const char *>(p_certificate.public_enc_key_y().data()), p_certificate.public_enc_key_y().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_enc_key_x()), p_certificate.public_enc_key_x().lengthof());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_enc_key_y()), p_certificate.public_enc_key_y().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
}
541,7 → 532,7
}
loggers::get_instance().log("certificates_loader::save_certificate: Issuer digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.issuer().data()), p_certificate.issuer().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.issuer()), p_certificate.issuer().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
554,7 → 545,7
}
loggers::get_instance().log("certificates_loader::save_certificate: Hashedid8 digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.hashed_id().data()), p_certificate.hashed_id().size());
os.write((char *)static_cast<const unsigned char*>(p_certificate.hashed_id()), p_certificate.hashed_id().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
561,53 → 552,45
return 0;
} // End of method save_certificate
 
void certificates_loader::fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, std::vector<unsigned char>& p_public_comp_key, std::vector<unsigned char>& p_public_key_x, std::vector<unsigned char>& p_public_key_y) {
void certificates_loader::fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point);
if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
p_public_comp_key.resize(33);
p_public_comp_key[0] = 0x02;
std::copy(static_cast<const unsigned char*>(p_ecc_point.compressed__y__0()), p_ecc_point.compressed__y__0().lengthof() + static_cast<const unsigned char*>(p_ecc_point.compressed__y__0()), p_public_comp_key.begin() + 1);
p_public_key_x.resize(32);
p_public_key_y.resize(32);
p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0();
p_public_key_x = int2oct(0, 32);
p_public_key_y = int2oct(0, 32);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key.resize(33);
p_public_comp_key[0] = 0x03;
std::copy(static_cast<const unsigned char*>(p_ecc_point.compressed__y__1()), p_ecc_point.compressed__y__1().lengthof() + static_cast<const unsigned char*>(p_ecc_point.compressed__y__1()), p_public_comp_key.begin() + 1);
p_public_key_x.resize(32);
p_public_key_y.resize(32);
p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1();
p_public_key_x = int2oct(0, 32);
p_public_key_y = int2oct(0, 32);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_key_x.assign(static_cast<const unsigned char*>(p_ecc_point.uncompressedP256().x()), p_ecc_point.uncompressedP256().x().lengthof() + static_cast<const unsigned char*>(p_ecc_point.uncompressedP256().x()));
p_public_key_x.assign(static_cast<const unsigned char*>(p_ecc_point.uncompressedP256().y()), p_ecc_point.uncompressedP256().y().lengthof() + static_cast<const unsigned char*>(p_ecc_point.uncompressedP256().y()));
p_public_comp_key.assign(33, 0x00);
p_public_key_x = p_ecc_point.uncompressedP256().x();
p_public_key_x = p_ecc_point.uncompressedP256().y();
p_public_comp_key = int2oct(0, 33);
} else {
p_public_key_x.resize(32);
p_public_key_y.resize(32);
p_public_comp_key.resize(33);
p_public_key_x = int2oct(0, 32);
p_public_key_y = int2oct(0, 32);
p_public_comp_key = int2oct(0, 33);
}
}
void certificates_loader::fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, std::vector<unsigned char>& p_public_comp_key, std::vector<unsigned char>& p_public_key_x, std::vector<unsigned char>& p_public_key_y) {
void certificates_loader::fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point);
 
if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) {
p_public_comp_key.resize(49);
p_public_comp_key[0] = 0x02;
std::copy(static_cast<const unsigned char*>(p_ecc_point.compressed__y__0()), p_ecc_point.compressed__y__0().lengthof() + static_cast<const unsigned char*>(p_ecc_point.compressed__y__0()), p_public_comp_key.begin() + 1);
p_public_key_x.resize(48);
p_public_key_y.resize(48);
p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0();
p_public_key_x = int2oct(0, 48);
p_public_key_y = int2oct(0, 48);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key.resize(49);
p_public_comp_key[0] = 0x03;
std::copy(static_cast<const unsigned char*>(p_ecc_point.compressed__y__1()), p_ecc_point.compressed__y__1().lengthof() + static_cast<const unsigned char*>(p_ecc_point.compressed__y__1()), p_public_comp_key.begin() + 1);
p_public_key_x.resize(48);
p_public_key_y.resize(48);
p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1();
p_public_key_x = int2oct(0, 48);
p_public_key_y = int2oct(0, 48);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) {
p_public_key_x.assign(static_cast<const unsigned char*>(p_ecc_point.uncompressedP384().x()), p_ecc_point.uncompressedP384().x().lengthof() + static_cast<const unsigned char*>(p_ecc_point.uncompressedP384().x()));
p_public_key_x.assign(static_cast<const unsigned char*>(p_ecc_point.uncompressedP384().y()), p_ecc_point.uncompressedP384().y().lengthof() + static_cast<const unsigned char*>(p_ecc_point.uncompressedP384().y()));
p_public_comp_key.assign(49, 0x00);
p_public_key_x = p_ecc_point.uncompressedP384().x();
p_public_key_x = p_ecc_point.uncompressedP384().y();
p_public_comp_key = int2oct(0, 49);
} else {
p_public_key_x.resize(48);
p_public_key_y.resize(48);
p_public_comp_key.resize(49);
p_public_key_x = int2oct(0, 48);
p_public_key_y = int2oct(0, 48);
p_public_comp_key = int2oct(0, 49);
}
}
/branches/STF525/ccsrc/Protocols/Security/certificates_loader.hh
71,15 → 71,15
 
int build_path(const std::string& p_root_directory);
 
int load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s);
//int load_certificate(std::unique_ptr<security_db_record> >& p_certificate, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s);
int load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING, std::string>& p_hashed_id8s);
//int load_certificate(std::unique_ptr<security_db_record> >& p_certificate, std::map<const OCTETSTRING, const std::string&>& p_hashed_id8s);
int save_certificate(const security_db_record& p_certificate);
 
private:
int retrieve_certificates_list(std::set<std::experimental::filesystem::path>& p_files);
 
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s);
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING, std::string>& p_hashed_id8s);
void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, std::vector<unsigned char>& p_public_comp_key, std::vector<unsigned char>& p_public_key_x, std::vector<unsigned char>& p_public_key_y);
void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, std::vector<unsigned char>& p_public_comp_key, std::vector<unsigned char>& p_public_key_x, std::vector<unsigned char>& p_public_key_y);
void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
}; // End of class certificates_loader
/branches/STF525/ccsrc/Protocols/Security/hmac.cc
0,0 → 1,49
/*!
* \file hmac.cc
* \brief Source file for HMAC helper methods.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include <TTCN3.hh>
 
#include "hmac.hh"
 
int hmac::generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac) {
// Sanity check
if (p_buffer.lengthof() == 0) {
return -1;
}
 
return generate( static_cast<const unsigned char*>(p_buffer), p_buffer.lengthof(), static_cast<const unsigned char*>(p_secret_key), p_secret_key.lengthof(), p_hmac);
}
 
int hmac::generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac) {
// Sanity check
if ((p_buffer == nullptr) || (p_secret_key == nullptr)) {
return -1;
}
::HMAC_CTX_reset(_ctx);
 
p_hmac = int2oct(0, EVP_MAX_MD_SIZE);
if (_hash_algorithms == hash_algorithms::sha_256) {
::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha256(), NULL);
} else if (_hash_algorithms == hash_algorithms::sha_384) {
::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha384(), NULL);
} else { // TODO To be continued
return -1;
}
// Compute the hash value
::HMAC_Update(_ctx, p_buffer, p_buffer_length);
unsigned int length = p_hmac.lengthof();
::HMAC_Final(_ctx, (unsigned char*)static_cast<const unsigned char*>(p_hmac), &length);
// Resize the hmac
if (_hash_algorithms == hash_algorithms::sha_256) {
p_hmac = OCTETSTRING(16, static_cast<const unsigned char*>(p_hmac));
} // FIXME Check length for the other hash algorithm
 
return 0;
}
Property changes:
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+URL Id
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: ccsrc/Protocols/Security/hmac.hh
===================================================================
--- ccsrc/Protocols/Security/hmac.hh (revision 3341)
+++ ccsrc/Protocols/Security/hmac.hh (revision 3342)
@@ -13,8 +13,9 @@
#include <vector>
#include <openssl/hmac.h>
-//#include <openssl/objects.h>
+class OCTETSTRING; //! TITAN forward declaration
+
/*!
* \enum Supported hash algorithms
*/
@@ -23,7 +24,6 @@
sha_384 /*!< HMAC with SHA-384 */
}; // End of class hash_algorithms
-
/*!
* \class hmac
* \brief This class provides description of HMAC helper methods
@@ -30,14 +30,14 @@
*/
class hmac {
HMAC_CTX *_ctx; //! HMAC context
- hash_algorithms _hash_algorithms;
+ hash_algorithms _hash_algorithms; //! HMAC hash algorithm to use
public:
/*!
* \brief Default constructor
* Create a new instance of the hmac class
- * \param[in] p_hash_algorithms The hash algorithm to be used to compute the HMAC
+ * \param[in] p_hash_algorithms The hash algorithm to be used to compute the HMAC. Default: sha_256
*/
- hmac(const hash_algorithms p_hash_algorithms): _ctx{nullptr}, _hash_algorithms(p_hash_algorithms) { _ctx = ::HMAC_CTX_new(); };
+ hmac(const hash_algorithms p_hash_algorithms = hash_algorithms::sha_256): _ctx{::HMAC_CTX_new()}, _hash_algorithms(p_hash_algorithms) { };
/*!
* \brief Default destructor
*/
@@ -44,8 +44,7 @@
virtual ~hmac() { if (_ctx == nullptr) { ::HMAC_CTX_free(_ctx); }; };
/*!
- * \inline
- * \fn int generate(const std::vector<unsigned char> p_buffer, const std::vector<unsigned char> p_secret_key, std::vector<unsigned char>& p_hmac);
+ * \fn int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac);
* \brief Generate the HMAC of data using a secret key
* \Param[in] p_buffer The data tobe hashed
* \param[in] p_secret_key The secret key to be used to generate the HMAC
@@ -52,18 +51,10 @@
* \param[out] p_hmac The HMAC value based of the provided data
* \return 0 on success, -1 otherwise
*/
- inline int generate(const std::vector<unsigned char> p_buffer, const std::vector<unsigned char> p_secret_key, std::vector<unsigned char>& p_hmac) {
- // Sanity check
- if (p_buffer.size() == 0) {
- return -1;
- }
-
- return generate(p_buffer.data(), p_buffer.size(), p_secret_key.data(), p_secret_key.size(), p_hmac);
- };
+ int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac);
/*!
- * \inline
- * \fn int generate(const unsigned char *p_buffer, const size_t p_buffer_length, const unsigned char *p_secret_key, const size_t p_secret_key_length, std::vector<unsigned char>& p_hmac);
+ * \fn int generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac);
* \brief Generate the HMAC of data using a secret key
* \param[in] p_buffer The data to be hashed
* \param[in] p_buffer_length The size of the data
@@ -72,30 +63,6 @@
* \param[out] p_hmac The HMAC value based of the provided data
* \return 0 on success, -1 otherwise
*/
- inline int generate(const unsigned char *p_buffer, const size_t p_buffer_length, const unsigned char *p_secret_key, const size_t p_secret_key_length, std::vector<unsigned char>& p_hmac) {
- // Sanity check
- if ((p_buffer == nullptr) || (p_secret_key == nullptr)) {
- return -1;
- }
- ::HMAC_CTX_reset(_ctx);
+ int generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac);
- p_hmac.resize(EVP_MAX_MD_SIZE);
- if (_hash_algorithms == hash_algorithms::sha_256) {
- ::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha256(), NULL);
- } else if (_hash_algorithms == hash_algorithms::sha_384) {
- ::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha384(), NULL);
- } else { // TODO To be continued
- return -1;
- }
- // Compute the hash value
- ::HMAC_Update(_ctx, p_buffer, p_buffer_length);
- unsigned int length = p_hmac.size();
- ::HMAC_Final(_ctx, static_cast<unsigned char*>(p_hmac.data()), &length);
- // Resize the hmac
- if (_hash_algorithms == hash_algorithms::sha_256) {
- p_hmac.resize(16);
- } // FIXME Check length for the other hash algorithm
-
- return 0;
- };
}; // End of class hmac
/branches/STF525/ccsrc/Protocols/Security/security_cache.cc
1,3 → 1,14
/*!
* \file security_cache.cc
* \brief Source file for a certificates caching storage mechanism.
* It is used to store certificates received from neighbors and not present in the data base
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include "security_cache.hh"
 
#include "params.hh"
29,8 → 40,7
int security_cache::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const {
loggers::get_instance().log_msg(">>> security_cache::get_certificate_id: ", p_hashed_id8);
 
std::vector<unsigned char> key(static_cast<const unsigned char*>(p_hashed_id8), p_hashed_id8.lengthof() + static_cast<const unsigned char*>(p_hashed_id8));
std::map<std::vector<unsigned char>, std::string>::const_iterator it = _hashed_id8s.find(key);
std::map<OCTETSTRING, std::string>::const_iterator it = _hashed_id8s.find(p_hashed_id8);
if (it == _hashed_id8s.cend()) {
p_certifcate_id = "";
return -1;
49,8 → 59,7
dump();
return -1;
}
const std::vector<unsigned char> cert = it->second.get()->certificate();
p_certificate = OCTETSTRING(cert.size(), cert.data());
p_certificate = it->second.get()->certificate()
return 0;
}
76,8 → 85,7
loggers::get_instance().warning("security_cache::get_issuer: record not found");
return -1;
}
const std::vector<unsigned char> issuer = it->second.get()->issuer();
p_hashed_id_issuer = OCTETSTRING(issuer.size(), issuer.data());
p_hashed_id_issuer = it->second.get()->issuer();
return 0;
}
90,8 → 98,7
loggers::get_instance().warning("security_cache::get_hashed_id: record not found");
return -1;
}
const std::vector<unsigned char> hashed_id = it->second.get()->hashed_id();
p_hashed_id = OCTETSTRING(hashed_id.size(), hashed_id.data());
p_hashed_id = it->second.get()->hashed_id();
return 0;
}
104,8 → 111,7
loggers::get_instance().warning("security_cache::get_hash: record not found");
return -1;
}
const std::vector<unsigned char> hash = it->second.get()->hash();
p_hash = OCTETSTRING(hash.size(), hash.data());
p_hash = it->second.get()->hash();
 
return 0;
}
118,8 → 124,7
loggers::get_instance().warning("security_cache::get_private_key: record not found");
return -1;
}
const std::vector<unsigned char> private_key = it->second.get()->private_key();
p_private_key = OCTETSTRING(private_key.size(), private_key.data());
p_private_key = it->second.get()->private_key();
return 0;
}
132,10 → 137,8
loggers::get_instance().warning("security_cache::get_public_keys: record not found");
return -1;
}
const std::vector<unsigned char> public_key_x = it->second.get()->public_key_x();
p_public_key_x = OCTETSTRING(public_key_x.size(), public_key_x.data());
const std::vector<unsigned char> public_key_y = it->second.get()->public_key_y();
p_public_key_y = OCTETSTRING(public_key_y.size(), public_key_y.data());
p_public_key_x = it->second.get()->public_key_x();
p_public_key_y = it->second.get()->public_key_y();
return 0;
}
148,9 → 151,9
loggers::get_instance().warning("security_cache::get_public_comp_key: record not found");
return -1;
}
const std::vector<unsigned char> public_comp_key = it->second.get()->public_comp_key(); // 33 or 49 bytes length
p_public_comp_key = OCTETSTRING(public_comp_key.size() - 1, 1 + public_comp_key.data()); // 32 or 48 bytes length
p_comp_mode = INTEGER(((public_comp_key[0] % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
const OCTETSTRING public_comp_key = it->second.get()->public_comp_key(); // 33 or 49 bytes length
p_public_comp_key = OCTETSTRING(public_comp_key.lengthof() - 1, 1 + static_cast<const unsihned char*?>(public_comp_key)); // 32 or 48 bytes length
p_comp_mode = INTEGER(((public_comp_key[0] % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
 
return 0;
}
163,8 → 166,8
loggers::get_instance().warning("security_cache::get_private_enc_key: record not found");
return -1;
}
const std::vector<unsigned char> private_enc_key = it->second.get()->private_enc_key();
p_private_enc_key = OCTETSTRING(private_enc_key.size(), private_enc_key.data());
const OCTETSTRING private_enc_key = it->second.get()->private_enc_key();
p_private_enc_key = OCTETSTRING(private_enc_key.lengthof(), private_enc_key.data());
 
return 0;
}
177,10 → 180,10
loggers::get_instance().warning("security_cache::get_public_enc_keys: record not found");
return -1;
}
const std::vector<unsigned char> public_enc_key_x = it->second.get()->public_enc_key_x();
p_public_enc_key_x = OCTETSTRING(public_enc_key_x.size(), public_enc_key_x.data());
const std::vector<unsigned char> public_enc_key_y = it->second.get()->public_enc_key_y();
p_public_enc_key_y = OCTETSTRING(public_enc_key_y.size(), public_enc_key_y.data());
const OCTETSTRING public_enc_key_x = it->second.get()->public_enc_key_x();
p_public_enc_key_x = OCTETSTRING(public_enc_key_x.lengthof(), public_enc_key_x.data());
const OCTETSTRING public_enc_key_y = it->second.get()->public_enc_key_y();
p_public_enc_key_y = OCTETSTRING(public_enc_key_y.lengthof(), public_enc_key_y.data());
 
return 0;
}
193,21 → 196,20
loggers::get_instance().warning("security_cache::get_public_enc_comp_key: record not found");
return -1;
}
const std::vector<unsigned char> public_enc_comp_key = it->second.get()->public_enc_comp_key(); // 33 or 49 bytes length
p_public_enc_comp_key = OCTETSTRING(public_enc_comp_key.size() - 1, 1 + public_enc_comp_key.data()); // 32 or 48 bytes length
const OCTETSTRING public_enc_comp_key = it->second.get()->public_enc_comp_key(); // 33 or 49 bytes length
p_public_enc_comp_key = OCTETSTRING(public_enc_comp_key.lengthof() - 1, 1 + public_enc_comp_key.data()); // 32 or 48 bytes length
p_enc_comp_mode = INTEGER(((public_enc_comp_key[0] % 2) == 0) ? 0 : 1); // compressed-y-0 or compressed-y-1
 
return 0;
}
 
static bool fill_vector(std::vector<unsigned char>& v, const OCTETSTRING& o) {
if(o.is_bound()) {
v.assign(static_cast<const unsigned char*>(o), static_cast<const unsigned char*>(o) + o.lengthof());
bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org) {
if (p_vector.is_bound()) {
p_vector = OCTETSTRING(p_org.lengthof(), static_cast<const unsigned char*>(p_org));
return true;
}else{
v.clear();
return false;
}
p_vector = OCTETSTRING(0, nullptr);
return false;
}
 
int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
214,28 → 216,28
loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id);
 
std::string key(static_cast<const char*>(p_cert_id));
std::vector<unsigned char> cert, private_key, public_key_x, public_key_y, public_comp_key, hashed_id8, issuer;
std::vector<unsigned char> private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key;
OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hashed_id8, issuer;
OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key;
 
fill_vector(cert, p_cert);
fill_vector(private_key, p_private_key);
security_cache::fill_vector(cert, p_cert);
security_cache::fill_vector(private_key, p_private_key);
 
fill_vector(public_key_x, p_public_key_x);
fill_vector(public_key_y, p_public_key_y);
if(fill_vector(public_comp_key, p_public_compressed_key)){
public_comp_key.insert(public_comp_key.begin(), (unsigned char)(2 + p_public_compressed_key_mode)); // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
loggers::get_instance().log_to_hexa("security_cache::store_certificate: public_comp_key: ", public_comp_key.data(), public_comp_key.size());
security_cache::fill_vector(public_key_x, p_public_key_x);
security_cache::fill_vector(public_key_y, p_public_key_y);
if(fill_vector(public_comp_key, p_public_compressed_key)) {
public_comp_key = int2oct((unsigned char)(2 + p_public_compressed_key_mode), 1) + public_comp_key; // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
loggers::get_instance().log_msg("security_cache::store_certificate: public_comp_key: ", public_comp_key);
}
 
fill_vector(hashed_id8, p_hashed_id8);
fill_vector(issuer, p_issuer);
security_cache::fill_vector(hashed_id8, p_hashed_id8);
security_cache::fill_vector(issuer, p_issuer);
fill_vector(private_enc_key, p_private_enc_key);
fill_vector(public_enc_key_x, p_public_enc_key_x);
fill_vector(public_enc_key_y, p_public_enc_key_y);
security_cache::fill_vector(private_enc_key, p_private_enc_key);
security_cache::fill_vector(public_enc_key_x, p_public_enc_key_x);
security_cache::fill_vector(public_enc_key_y, p_public_enc_key_y);
if(fill_vector(public_enc_comp_key, p_public_enc_compressed_key)) {
public_enc_comp_key.insert(public_enc_comp_key.begin(), (unsigned char)(2 + p_public_compressed_key_mode)); // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
loggers::get_instance().log_to_hexa("security_cache::store_certificate: public_enc_comp_key: ", public_enc_comp_key.data(), public_enc_comp_key.size());
public_enc_comp_key = int2oct((unsigned char)(2 + p_public_compressed_key_mode), 1) + public_enc_comp_key; // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
loggers::get_instance().log_msg("security_cache::store_certificate: public_enc_comp_key: ", public_enc_comp_key);
}
IEEE1609dot2::CertificateBase decoded_certificate;
264,12 → 266,12
if (i != _certificates.cend()) {
_certificates.erase(i);
}
std::map<std::vector<unsigned char>, std::string>::const_iterator h = _hashed_id8s.find(hashed_id8);
std::map<OCTETSTRING, std::string>::const_iterator h = _hashed_id8s.find(hashed_id8);
if (h != _hashed_id8s.cend()) {
_hashed_id8s.erase(h);
}
_certificates.insert(std::pair<std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p)));
_hashed_id8s.insert(std::pair<std::vector<unsigned char>, std::string&>(hashed_id8, key));
_hashed_id8s.insert(std::pair<OCTETSTRING, std::string&>(hashed_id8, key));
//dump();
 
return 0;
276,25 → 278,25
}
 
void security_cache::dump() const {
loggers::get_instance().log("security_cache::dump_certificates: # items = %d", _certificates.size());
loggers::get_instance().log("security_cache::dump_certificates: # items = %d", _certificates.lengthof());
for (std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.cbegin(); it != _certificates.cend(); ++it) {
security_db_record* p = it->second.get();
loggers::get_instance().log("security_cache::dump: certificate_id = %s", p->certificate_id().c_str());
loggers::get_instance().log_to_hexa("security_cache::dump: certificate = ", p->certificate().data(), p->certificate().size());
loggers::get_instance().log_msg("security_cache::dump: certificate = ", p->certificate());
loggers::get_instance().log_msg("security_cache::dump: decoded certificate = ", p->decoded_certificate());
loggers::get_instance().log_to_hexa("security_cache::dump: issuer = ", p->issuer().data(), p->issuer().size());
loggers::get_instance().log_to_hexa("security_cache::dump: hashed_id = ", p->hashed_id().data(), p->hashed_id().size());
loggers::get_instance().log_to_hexa("security_cache::dump: hash = ", p->hash().data(), p->hash().size());
loggers::get_instance().log_to_hexa("security_cache::dump: private_key = ", p->private_key().data(), p->private_key().size());
loggers::get_instance().log_to_hexa("security_cache::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size());
loggers::get_instance().log_to_hexa("security_cache::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size());
loggers::get_instance().log_to_hexa("security_cache::dump: public_comp_key = ", p->public_comp_key().data(), p->public_comp_key().size());
loggers::get_instance().log_to_hexa("security_cache::dump: private_enc_key = ", p->private_enc_key().data(), p->private_enc_key().size());
loggers::get_instance().log_to_hexa("security_cache::dump: public_enc_key_x = ", p->public_enc_key_x().data(), p->public_enc_key_x().size());
loggers::get_instance().log_to_hexa("security_cache::dump: public_enc_key_y = ", p->public_enc_key_y().data(), p->public_enc_key_y().size());
loggers::get_instance().log_to_hexa("security_cache::dump: public_enc_comp_key = ", p->public_enc_comp_key().data(), p->public_enc_comp_key().size());
loggers::get_instance().log_msg("security_cache::dump: issuer = ", p->issuer());
loggers::get_instance().log_msg("security_cache::dump: hashed_id = ", p->hashed_id());
loggers::get_instance().log_msg("security_cache::dump: hash = ", p->hash());
loggers::get_instance().log_msg("security_cache::dump: private_key = ", p->private_key());
loggers::get_instance().log_msg("security_cache::dump: public_key_x = ", p->public_key_x());
loggers::get_instance().log_msg("security_cache::dump: public_key_y = ", p->public_key_y());
loggers::get_instance().log_msg("security_cache::dump: public_comp_key = ", p->public_comp_key());
loggers::get_instance().log_msg("security_cache::dump: private_enc_key = ", p->private_enc_key());
loggers::get_instance().log_msg("security_cache::dump: public_enc_key_x = ", p->public_enc_key_x());
loggers::get_instance().log_msg("security_cache::dump: public_enc_key_y = ", p->public_enc_key_y());
loggers::get_instance().log_msg("security_cache::dump: public_enc_comp_key = ", p->public_enc_comp_key());
} // End of 'for' statement
for (std::map<std::vector<unsigned char>, std::string>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) {
for (std::map<OCTETSTRING, std::string>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) {
loggers::get_instance().log("security_cache::dump: Hashedid8 idx = %s", it->second.c_str());
} // End of 'for' statement
} // End of method dump
/branches/STF525/ccsrc/Protocols/Security/security_cache.hh
1,15 → 1,25
/*!
* \file security_cache.hh
* \brief Header file for a certificates caching storage mechanism.
* It is used to store certificates received from neighbors and not present in the data base
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#pragma once
 
#include <string>
#include <memory>
#include <vector>
#include <map>
 
#include "security_db_record.hh"
 
class OCTETSTRING;
class INTEGER;
class CHARSTRING;
class OCTETSTRING; //! TITAN forward declaration
class INTEGER; //! TITAN forward declaration
class CHARSTRING; //! TITAN forward declaration
 
/*!
* \class security_cache
16,10 → 26,12
* \brief This class provides security record description for in memory security database. In memory mens there is no disk load/save mechanism
*/
class security_cache {
static bool fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org);
 
protected: /*! \protectedsection */
// TODO Enforce with const security_cache_record, and const std::string
std::map<std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certificate identifier
std::map<std::vector<unsigned char>, std::string> _hashed_id8s; //! List of the certificates indexed by the HashedId8
std::map<OCTETSTRING, std::string> _hashed_id8s; //! List of the certificates indexed by the HashedId8
public: /*! \publicsection */
/*!
46,7 → 58,6
 
virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
 
//virtual int store_certificate(const std::sring& p_cert_id, const std::vector<unsigned char>& p_cert, const std::vector<unsigned char>& p_private_key, const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y, const std::vector<unsigned char>& p_hashid8, const OCTETSTRING& p_issuer);
virtual int clear();
void dump() const;
/branches/STF525/ccsrc/Protocols/Security/security_db.cc
22,12 → 22,6
loggers::get_instance().log(">>> security_db::~security_db");
} // End of dtor
 
int security_db::clear() {
loggers::get_instance().log(">>> security_db::clear");
// TODO Check if something shale be done here
return 0;
} // End of clear method
 
int security_db::load_from_files(const std::string& p_db_path) {
loggers::get_instance().log(">>> security_db::load_from_files: '%s'", p_db_path.c_str());
 
/branches/STF525/ccsrc/Protocols/Security/security_db.hh
1,7 → 1,20
/*!
* \file security_cache.hh
* \brief Header file for a certificates caching storage mechanism.
* It is used to store certificates received from neighbors and not present in the data base
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#pragma once
 
#include "security_cache.hh"
 
class OCTETSTRING; //! TITAN forward declaration
 
/*!
* \class security_db
* \brief This class provides security record description for security database
11,16 → 24,28
public: /*! \publicsection */
/*!
* \brief Ctor with full path to the certificates storage
* \param[in] p_db_path The full path to the certificates storage
*/
security_db(const std::string& p_db_path);
/*!
* \brief Default private dtor
* \brief Default dtor
*/
~security_db();
 
/*!
* \fn int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
* \brief Store a new certificate
* \param[in] p_cert_id The certificate identifier
* \return 0 on success, -1 otherwise
*/
int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
int clear();
 
private:
private: /*! \privatesection */
/*!
* \fn int load_from_files(const std::string& p_db_path);
* \brief Initialise the storage of certificates mechanism
* \param[in] p_db_path The full path to the certificates storage
* \return 0 on success, -1 otherwise
*/
int load_from_files(const std::string& p_db_path);
}; // End of class security_db
/branches/STF525/ccsrc/Protocols/Security/security_db_record.cc
1,3 → 1,13
/*!
* \file security_db_record.cc
* \brief Source file for a storage of certificates mechanism.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include "EtsiTs103097Module.hh"
 
#include "sha256.hh"
6,21 → 16,21
 
security_db_record::security_db_record(
const std::string& p_certificate_id,
const std::vector<unsigned char>& p_certificate,
const OCTETSTRING& p_certificate,
const IEEE1609dot2::CertificateBase& p_decoded_certificate,
const std::vector<unsigned char>& p_hashed_id_issuer,
const std::vector<unsigned char>& p_hashed_id,
const std::vector<unsigned char>& p_pr_key,
const std::vector<unsigned char>& p_pu_key_x,
const std::vector<unsigned char>& p_pu_key_y,
const std::vector<unsigned char>& p_pu_comp_key,
const std::vector<unsigned char>& p_pr_enc_key,
const std::vector<unsigned char>& p_pu_enc_key_x,
const std::vector<unsigned char>& p_pu_enc_key_y,
const std::vector<unsigned char>& p_pu_enc_comp_key,
const OCTETSTRING& p_hashed_id_issuer,
const OCTETSTRING& p_hashed_id,
const OCTETSTRING& p_pr_key,
const OCTETSTRING& p_pu_key_x,
const OCTETSTRING& p_pu_key_y,
const OCTETSTRING& p_pu_comp_key,
const OCTETSTRING& p_pr_enc_key,
const OCTETSTRING& p_pu_enc_key_x,
const OCTETSTRING& p_pu_enc_key_y,
const OCTETSTRING& p_pu_enc_comp_key,
const bool p_to_be_saved
): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
if (p_pr_key.size() == 32) {
if (p_pr_key.lengthof() == 32) {
sha256 sha;
sha.generate(_certificate, _hash);
} else {
/branches/STF525/ccsrc/Protocols/Security/security_db_record.hh
1,10 → 1,21
/*!
* \file security_db_record.hh
* \brief Header file for a storage of certificates mechanism.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#pragma once
 
#include <string>
#include <vector>
 
#include "security_ecc.hh"
 
class OCTETSTRING; //! TITAN forward declaration
 
namespace IEEE1609dot2 {
class CertificateBase;
};
15,48 → 26,94
*/
class security_db_record {
ec_elliptic_curves _algorithm;
std::string _certificate_id; /*!< Certificate storage*/
std::vector<unsigned char> _certificate; /*!< COER storage */
std::vector<unsigned char> _hashed_id_issuer; /*!< Hash id 8 of the issuer certificate */
std::vector<unsigned char> _hash; /*!< Certificate hash storage */
std::vector<unsigned char> _hashed_id; /*!< Certificate hash id 8 storage */
std::vector<unsigned char> _pr_key; /*!< Private key storage */
std::vector<unsigned char> _pu_key_x; /*!< Public key X-coordinate storage */
std::vector<unsigned char> _pu_key_y; /*!< Public key Y-coordinate storage */
std::vector<unsigned char> _pu_comp_key; /*!< Public compressed key storage */
std::vector<unsigned char> _pr_enc_key; /*!< Private encryption key storage */
std::vector<unsigned char> _pu_enc_key_x; /*!< Public encryption key X-coordinate storage */
std::vector<unsigned char> _pu_enc_key_y; /*!< Public encryption key Y-coordinate storage */
std::vector<unsigned char> _pu_enc_comp_key; /*!< Public compressed encryption key storage */
ec_elliptic_curves _algorithm; /*!< Signature . Default: nist_p_256 */
std::string _certificate_id; /*!< Certificate storage*/
OCTETSTRING _certificate; /*!< COER storage */
OCTETSTRING _hashed_id_issuer; /*!< Hash id 8 of the issuer certificate */
OCTETSTRING _hash; /*!< Certificate hash storage */
OCTETSTRING _hashed_id; /*!< Certificate hash id 8 storage */
OCTETSTRING _pr_key; /*!< Private key storage */
OCTETSTRING _pu_key_x; /*!< Public key X-coordinate storage */
OCTETSTRING _pu_key_y; /*!< Public key Y-coordinate storage */
OCTETSTRING _pu_comp_key; /*!< Public compressed key storage */
OCTETSTRING _pr_enc_key; /*!< Private encryption key storage */
OCTETSTRING _pu_enc_key_x; /*!< Public encryption key X-coordinate storage */
OCTETSTRING _pu_enc_key_y; /*!< Public encryption key Y-coordinate storage */
OCTETSTRING _pu_enc_comp_key; /*!< Public compressed encryption key storage */
bool _to_be_saved; /*!< Flag to indicate if the record shall be saved, i.e. has been modified */
IEEE1609dot2::CertificateBase* _decoded_certificate;
public: /*! \publicsection */
/*!
* \brief Default private ctor
* \brief Default ctor
*/
explicit security_db_record(): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(), _certificate(), _hashed_id_issuer(), _hash(), _hashed_id(), _pr_key(), _pu_key_x(), _pu_key_y(), _pu_comp_key(), _pr_enc_key(), _pu_enc_key_x(), _pu_enc_key_y(), _pu_enc_comp_key(), _to_be_saved(false), _decoded_certificate(nullptr) { };
security_db_record(const std::string& p_certificate_id, const std::vector<unsigned char>& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const std::vector<unsigned char>& p_hashed_id_issuer, const std::vector<unsigned char>& p_hashed_id, const std::vector<unsigned char>& p_pr_key, const std::vector<unsigned char>& p_pu_key_x, const std::vector<unsigned char>& p_pu_key_y, const std::vector<unsigned char>& p_pu_comp_key, const std::vector<unsigned char>& p_pr_enc_key, const std::vector<unsigned char>& p_pu_enc_key_x, const std::vector<unsigned char>& p_pu_enc_key_y, const std::vector<unsigned char>& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
/*!
* \brief Specialised ctor
* \param[in] p_certificate_id The certificate identifier
* \param[in] p_certificate The COER encoded certificate
* \param[in] p_decoded_certificate The decoded certificate
* \param[in] p_hashed_id_issuer The HashedId of the certificate issuer
* \param[in] p_hashed_id The whole-certificate hashed id
* \param[in] p_pr_key The private signature key
* \param[in] p_pu_key_x The public X-coordinate signature key
* \param[in] p_pu_key_y The public Y-coordinate signature key
* \param[in] p_pu_comp_key The public compressed coordinate signature key
* \param[in] p_pr_enc_key The private encryption key
* \param[in] p_pu_enc_key_x The public X-coordinate encryption key
* \param[in] p_pu_enc_key_y The public Y-coordinate encryption key
* \param[in] p_pu_enc_comp_key_y The public compressed coordinate encryption key
* \param[in] p_to_be_saved Set to true to save on disk this certificate.Default: true
*/
security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
/*!
* \brief Default private dtor
* \brief Default dtor
*/
~security_db_record() { if (_decoded_certificate != nullptr) { delete _decoded_certificate; } };
 
/*!
* \fn const IEEE1609dot2::CertificateBase& decoded_certificate() const;
* \brief Retrieve the decoded certificate value
* \return The decoded certificate
*/
const IEEE1609dot2::CertificateBase& decoded_certificate() const;
/*!
* \inline
* \fn const std::string& certificate_id() const;
* \brief Retrieve the certificate identifier value
* \return The certificate identifier
*/
inline const std::string& certificate_id() const { return _certificate_id; };
inline const std::vector<unsigned char>& certificate() const { return _certificate; };
inline const std::vector<unsigned char>& hashed_id() const { return _hashed_id; };
inline const std::vector<unsigned char>& hash() const { return _hash; };
inline const std::vector<unsigned char>& issuer() const { return _hashed_id_issuer; };
inline const std::vector<unsigned char>& private_key() const { return _pr_key; };
inline const std::vector<unsigned char>& public_key_x() const { return _pu_key_x; };
inline const std::vector<unsigned char>& public_key_y() const { return _pu_key_y; };
inline const std::vector<unsigned char>& public_comp_key() const { return _pu_comp_key; };
inline const std::vector<unsigned char>& private_enc_key() const { return _pr_enc_key; };
inline const std::vector<unsigned char>& public_enc_key_x() const { return _pu_enc_key_x; };
inline const std::vector<unsigned char>& public_enc_key_y() const { return _pu_enc_key_y; };
inline const std::vector<unsigned char>& public_enc_comp_key() const { return _pu_enc_comp_key; };
/*!
* \inline
* \fn const OCTETSTRING& certificate() const;
* \brief Retrieve the COER encoded certificate
* \return The COER encoded certificate
*/
inline const OCTETSTRING& certificate() const { return _certificate; };
/*!
* \inline
* \fn const OCTETSTRING& hashed_id() const;
* \brief Retrieve the HashedId of the certificate issuer
* \return The HashedId of the certificate issuer
*/
inline const OCTETSTRING& hashed_id() const { return _hashed_id; };
/*!
* \inline
* \fn const OCTETSTRING& hash() const;
* \brief Retrieve the whole-certificate hashed id
* \return The whole-certificate hashed id
*/
inline const OCTETSTRING& hash() const { return _hash; };
inline const OCTETSTRING& issuer() const { return _hashed_id_issuer; };
inline const OCTETSTRING& private_key() const { return _pr_key; };
inline const OCTETSTRING& public_key_x() const { return _pu_key_x; };
inline const OCTETSTRING& public_key_y() const { return _pu_key_y; };
inline const OCTETSTRING& public_comp_key() const { return _pu_comp_key; };
inline const OCTETSTRING& private_enc_key() const { return _pr_enc_key; };
inline const OCTETSTRING& public_enc_key_x() const { return _pu_enc_key_x; };
inline const OCTETSTRING& public_enc_key_y() const { return _pu_enc_key_y; };
inline const OCTETSTRING& public_enc_comp_key() const { return _pu_enc_comp_key; };
}; // End of class security_db_record
/branches/STF525/ccsrc/Protocols/Security/security_ecc.cc
1,3 → 1,13
/*!
* \file security_ecc.cc
* \brief Source file for Elliptic Curve Cryptography.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include <openssl/ecdsa.h>
#include <openssl/rand.h>
 
15,16 → 25,16
}
} // End of constructor
 
security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_private_key): _elliptic_curve(p_elliptic_curve), _encryption_algotithm(encryption_algotithm::aes_128_ccm), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pri_key(p_private_key), _pub_key_x(), _pub_key_y(), _pub_key_compressed(), _pub_key_compressed_mode{ecc_compressed_mode::compressed_y_0}, _secret_key(), _enc_key_x(), _enc_key_y(), _sym_key(), _nonce(), _tag() {
security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const OCTETSTRING& p_private_key): _elliptic_curve(p_elliptic_curve), _encryption_algotithm(encryption_algotithm::aes_128_ccm), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pri_key(p_private_key), _pub_key_x(), _pub_key_y(), _pub_key_compressed(), _pub_key_compressed_mode{ecc_compressed_mode::compressed_y_0}, _secret_key(), _enc_key_x(), _enc_key_y(), _sym_key(), _nonce(), _tag() {
loggers::get_instance().log(">>> security_ecc::security_ecc (1): %d", static_cast<int>(p_elliptic_curve));
// Sanity checks
if ((_elliptic_curve == ec_elliptic_curves::nist_p_256) || (_elliptic_curve == ec_elliptic_curves::brainpool_p_256_r1)) {
if (p_private_key.size() != 32) {
if (p_private_key.lengthof() != 32) {
loggers::get_instance().error("security_ecc::security_ecc (1): Invalid public keys size");
}
} else if (_elliptic_curve == ec_elliptic_curves::brainpool_p_384_r1) {
if ((p_private_key.size() != 48)) {
if ((p_private_key.lengthof() != 48)) {
loggers::get_instance().error("security_ecc::security_ecc (1): Invalid public keys size");
}
}
37,10 → 47,10
// Build private key
BIGNUM* p = ::BN_new();
::BN_bin2bn(_pri_key.data(), _pri_key.size(), p);
::BN_bin2bn(static_cast<const unsigned char*>(_pri_key), _pri_key.lengthof(), p);
// Build public keys
EC_POINT* ec_point = ::EC_POINT_new(_ec_group);
::EC_POINT_mul(_ec_group, ec_point, p, NULL, NULL, _bn_ctx);
::EC_POINT_mul(_ec_group, ec_point, p, nullptr, nullptr, _bn_ctx);
// Set private key
::EC_KEY_set_private_key(_ec_key, p);
if (::EC_KEY_check_key(_ec_key) != 0) {
57,54 → 67,54
loggers::get_instance().error("security_ecc::security_ecc (1): Failed to generate xy coordinates, check algorithms");
}
loggers::get_instance().log("security_ecc::security_ecc (1): xy length: %d", BN_num_bytes(xy));
std::vector<unsigned char> v(BN_num_bytes(xy));
::BN_bn2bin(xy, v.data());
if ((v.size() % 2) != 0) {
OCTETSTRING v = int2oct(0, BN_num_bytes(xy));
::BN_bn2bin(xy, (unsigned char*)static_cast<const unsigned char*>(v));
if ((v.lengthof() % 2) != 0) {
// Remove first byte
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): Complete xy=", v.data(), v.size());
v.erase(v.begin());
loggers::get_instance().log_msg("security_ecc::security_ecc (1): Complete xy=", v);
v = OCTETSTRING(v.lengthof() - 1, 1 + static_cast<const unsigned char*>(v));
}
::BN_clear_free(xy);
xy = nullptr;
 
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): xy=", v.data(), v.size());
const int l = v.size() / 2;
_pub_key_x.resize(l);
std::copy(v.cbegin(), v.cbegin() + l, _pub_key_x.begin());
_pub_key_y.resize(l);
std::copy(v.cbegin() + l, v.cend(), _pub_key_y.begin());
loggers::get_instance().log_msg("security_ecc::security_ecc (1): xy=", v);
const int l = v.lengthof() / 2;
_pub_key_x = OCTETSTRING(l, static_cast<const unsigned char*>(v));
_pub_key_y = OCTETSTRING(l, l + static_cast<const unsigned char*>(v));
 
// Compressed
int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, NULL, 0, _bn_ctx);
int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, nullptr, 0, _bn_ctx);
if (len == 0) {
loggers::get_instance().warning("security_ecc::security_ecc (1): Failed to generate x_coordinate compressed key");
_pub_key_compressed = OCTETSTRING(0, nullptr);
} else {
_pub_key_compressed = int2oct(0, len);
if (::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, (unsigned char*)static_cast<const unsigned char*>(_pub_key_compressed), len, _bn_ctx) == 0) {
loggers::get_instance().warning("security_ecc::security_ecc (1): Failed to generate x_coordinate compressed key");
_pub_key_compressed = OCTETSTRING(0, nullptr);
} else { // Remove first byte
loggers::get_instance().log_msg("security_ecc::security_ecc (1): Complete _pub_key_compressed=", _pub_key_compressed);
_pub_key_compressed_mode = ((v[0].get_octet() & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed = OCTETSTRING().erase(_pub_key_compressed.lengthof() - 1, 1 + static_cast<const unsigned char*>(_pub_key_compressed));
}
}
_pub_key_compressed.resize(len);
if (::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, (unsigned char *)_pub_key_compressed.data(), len, _bn_ctx) == 0) {
loggers::get_instance().warning("security_ecc::security_ecc (1): Failed to generate x_coordinate compressed key");
_pub_key_compressed.clear();
} else { // Remove first byte
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): Complete _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
_pub_key_compressed_mode = ((v[0] & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed.erase(_pub_key_compressed.begin());
}
::EC_POINT_free(ec_point);
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): _pub_key_x=", _pub_key_x.data(), _pub_key_x.size());
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): _pub_key_y=", _pub_key_y.data(), _pub_key_y.size());
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
loggers::get_instance().log_msg("security_ecc::security_ecc (1): _pub_key_x=", _pub_key_x);
loggers::get_instance().log_msg("security_ecc::security_ecc (1): _pub_key_y=", _pub_key_y);
loggers::get_instance().log_msg("security_ecc::security_ecc (1): _pub_key_compressed=", _pub_key_compressed);
loggers::get_instance().log("security_ecc::security_ecc (1): _pub_key_compressed_mode=%d", _pub_key_compressed_mode);
} // End of constructor
 
security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y): _elliptic_curve(p_elliptic_curve), _encryption_algotithm(encryption_algotithm::aes_128_ccm), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pri_key(), _pub_key_x(p_public_key_x), _pub_key_y(p_public_key_y), _pub_key_compressed(), _pub_key_compressed_mode{ecc_compressed_mode::compressed_y_0}, _secret_key(), _enc_key_x(), _enc_key_y(), _sym_key(), _nonce(), _tag() {
security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y): _elliptic_curve(p_elliptic_curve), _encryption_algotithm(encryption_algotithm::aes_128_ccm), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pri_key(), _pub_key_x(p_public_key_x), _pub_key_y(p_public_key_y), _pub_key_compressed(), _pub_key_compressed_mode{ecc_compressed_mode::compressed_y_0}, _secret_key(), _enc_key_x(), _enc_key_y(), _sym_key(), _nonce(), _tag() {
loggers::get_instance().log(">>> security_ecc::security_ecc (2): %d", static_cast<int>(p_elliptic_curve));
// Sanity checks
if ((_elliptic_curve == ec_elliptic_curves::nist_p_256) || (_elliptic_curve == ec_elliptic_curves::brainpool_p_256_r1)) {
if ((p_public_key_x.size() != 32) || (p_public_key_y.size() != 32)) {
if ((p_public_key_x.lengthof() != 32) || (p_public_key_y.lengthof() != 32)) {
loggers::get_instance().error("security_ecc::security_ecc (2): Invalid public keys size");
}
} else if (_elliptic_curve == ec_elliptic_curves::brainpool_p_384_r1) {
if ((p_public_key_x.size() != 48) || (p_public_key_y.size() != 48)) {
if ((p_public_key_x.lengthof() != 48) || (p_public_key_y.lengthof() != 48)) {
loggers::get_instance().error("security_ecc::security_ecc (2): Invalid public keys size");
}
}
117,9 → 127,9
// Set public key
BIGNUM* x = ::BN_new();
::BN_bin2bn(_pub_key_x.data(), _pub_key_x.size(), x);
::BN_bin2bn(static_cast<const unsigned char*>(_pub_key_x), _pub_key_x.lengthof(), x);
BIGNUM* y = ::BN_new();
::BN_bin2bn(_pub_key_y.data(), _pub_key_y.size(), y);
::BN_bin2bn(static_cast<const unsigned char*>(_pub_key_y), _pub_key_y.lengthof(), y);
EC_POINT* ec_point = ::EC_POINT_new(_ec_group);
result = 0;
switch (_elliptic_curve) {
142,35 → 152,35
::EC_KEY_set_public_key(_ec_key, ec_point);
// Compressed
int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, NULL, 0, _bn_ctx);
int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, nullptr, 0, _bn_ctx);
if (len == 0) {
loggers::get_instance().warning("security_ecc::security_ecc (2): Failed to generate x_coordinate compressed key");
}
_pub_key_compressed.resize(len);
if (::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, (unsigned char *)_pub_key_compressed.data(), len, _bn_ctx) == 0) {
_pub_key_compressed = int2oct(0, len);
if (::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, (unsigned char *)static_cast<const unsigned char*>(_pub_key_compressed), len, _bn_ctx) == 0) {
loggers::get_instance().warning("security_ecc::security_ecc (2): Failed to generate x_coordinate compressed key");
_pub_key_compressed.clear();
_pub_key_compressed = OCTETSTRING(0, nullptr);
} else { // Remove first byte
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (2): Complete _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
_pub_key_compressed.erase(_pub_key_compressed.begin());
loggers::get_instance().log_msg("security_ecc::security_ecc (2): Complete _pub_key_compressed=", _pub_key_compressed);
_pub_key_compressed = OCTETSTRING(_pub_key_compressed.lengthof() -1, 1 + static_cast<const unsigned char*>(_pub_key_compressed));
}
::EC_POINT_free(ec_point);
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (2): _pub_key_x=", _pub_key_x.data(), _pub_key_x.size());
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (2): _pub_key_y=", _pub_key_y.data(), _pub_key_y.size());
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (2): _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
loggers::get_instance().log_msg("security_ecc::security_ecc (2): _pub_key_x=", _pub_key_x);
loggers::get_instance().log_msg("security_ecc::security_ecc (2): _pub_key_y=", _pub_key_y);
loggers::get_instance().log_msg("security_ecc::security_ecc (2): _pub_key_compressed=", _pub_key_compressed);
loggers::get_instance().log("security_ecc::security_ecc (2): _pub_key_compressed_mode=%d", _pub_key_compressed_mode);
} // End of constructor
 
security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_public_key_compressed, const ecc_compressed_mode p_compressed_mode): _elliptic_curve(p_elliptic_curve), _encryption_algotithm(encryption_algotithm::aes_128_ccm), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pri_key(), _pub_key_x(), _pub_key_y(), _pub_key_compressed(p_public_key_compressed), _pub_key_compressed_mode{p_compressed_mode}, _secret_key(), _enc_key_x(), _enc_key_y(), _sym_key(), _nonce(), _tag() {
security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const OCTETSTRING& p_public_key_compressed, const ecc_compressed_mode p_compressed_mode): _elliptic_curve(p_elliptic_curve), _encryption_algotithm(encryption_algotithm::aes_128_ccm), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pri_key(), _pub_key_x(), _pub_key_y(), _pub_key_compressed(p_public_key_compressed), _pub_key_compressed_mode{p_compressed_mode}, _secret_key(), _enc_key_x(), _enc_key_y(), _sym_key(), _nonce(), _tag() {
loggers::get_instance().log(">>> security_ecc::security_ecc (3): %d", static_cast<int>(p_elliptic_curve));
// Sanity checks
if ((_elliptic_curve == ec_elliptic_curves::nist_p_256) || (_elliptic_curve == ec_elliptic_curves::brainpool_p_256_r1)) {
if (p_public_key_compressed.size() != 32) {
if (p_public_key_compressed.lengthof() != 32) {
loggers::get_instance().error("security_ecc::security_ecc (3): Invalid public keys size");
}
} else if (_elliptic_curve == ec_elliptic_curves::brainpool_p_384_r1) {
if (p_public_key_compressed.size() != 48) {
if (p_public_key_compressed.lengthof() != 48) {
loggers::get_instance().error("security_ecc::security_ecc (3): Invalid public keys size");
}
}
183,7 → 193,7
// Set public key
BIGNUM* compressed_key = ::BN_new();
::BN_bin2bn(_pub_key_compressed.data(), _pub_key_compressed.size(), compressed_key);
::BN_bin2bn(static_cast<const unsigned char*>(_pub_key_compressed), _pub_key_compressed.lengthof(), compressed_key);
EC_POINT* ec_point = ::EC_POINT_new(_ec_group);
result = 0;
switch (_elliptic_curve) {
215,26 → 225,24
loggers::get_instance().log("security_ecc::security_ecc (3): xy length: %d", BN_num_bytes(xy));
::EC_KEY_set_public_key(_ec_key, ec_point);
// Generate X, Y coordinates
std::vector<unsigned char> v(BN_num_bytes(xy));
::BN_bn2bin(xy, v.data());
OCTETSTRING v = int2oct(0, BN_num_bytes(xy));
::BN_bn2bin(xy, (unsigned char*)static_cast<const unsigned char*>(v));
::BN_clear_free(xy);
xy = nullptr;
if ((v.size() % 2) != 0) { // TODO Check alse xy[0] == 0x04
if ((v.lengthof() % 2) != 0) { // TODO Check alse xy[0] == 0x04
// Remove first byte
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): Complete xy=", v.data(), v.size());
v.erase(v.begin());
loggers::get_instance().log_msg("security_ecc::security_ecc (3): Complete xy=", v);
v = OCTETSTRING(v.lengthof() -1, 1 + static_cast<const unsigned char*>(v));
}
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): xy=", v.data(), v.size());
const int l = v.size() / 2;
_pub_key_x.resize(l);
std::copy(v.cbegin(), v.cbegin() + l, _pub_key_x.begin());
_pub_key_y.resize(l);
std::copy(v.cbegin() + l, v.cend(), _pub_key_y.begin());
loggers::get_instance().log_msg("security_ecc::security_ecc (3): xy=", v);
const int l = v.lengthof() / 2;
_pub_key_x = OCTETSTRING(l, static_cast<const unsigned char*>(v));
_pub_key_y = OCTETSTRING(l, l + static_cast<const unsigned char*>(v));
::EC_POINT_free(ec_point);
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): _pub_key_x=", _pub_key_x.data(), _pub_key_x.size());
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): _pub_key_y=", _pub_key_y.data(), _pub_key_y.size());
loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
loggers::get_instance().log_msg("security_ecc::security_ecc (3): _pub_key_x=", _pub_key_x);
loggers::get_instance().log_msg("security_ecc::security_ecc (3): _pub_key_y=", _pub_key_y);
loggers::get_instance().log_msg("security_ecc::security_ecc (3): _pub_key_compressed=", _pub_key_compressed);
loggers::get_instance().log("security_ecc::security_ecc (3): _pub_key_compressed_mode=%d", _pub_key_compressed_mode);
} // End of constructor
 
284,47 → 292,47
}
const BIGNUM* p = ::EC_KEY_get0_private_key(_ec_key);
_pri_key.resize(size);
::BN_bn2bin(p, _pri_key.data());
_pub_key_x.resize(size);
::BN_bn2bin(x, _pub_key_x.data());
_pub_key_y.resize(size);
::BN_bn2bin(y, _pub_key_y.data());
_pri_key = int2oct(0, size);
::BN_bn2bin(p, (unsigned char*)static_cast<const unsigned char*>(_pri_key));
_pub_key_x = int2oct(0, size);
::BN_bn2bin(x, (unsigned char*)static_cast<const unsigned char*>(_pub_key_x));
_pub_key_y = int2oct(0, size);
::BN_bn2bin(y, (unsigned char*)static_cast<const unsigned char*>(_pub_key_y));
::BN_clear_free(x); x = nullptr;
::BN_clear_free(y); y = nullptr;
 
// Compressed
int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, NULL, 0, _bn_ctx);
int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, nullptr, 0, _bn_ctx);
if (len == 0) {
loggers::get_instance().warning("security_ecc::generate: Failed to generate x_coordinate compressed key");
}
_pub_key_compressed.resize(len);
if (::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, (unsigned char *)_pub_key_compressed.data(), len, _bn_ctx) == 0) {
_pub_key_compressed = int2oct(0, len);
if (::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, (unsigned char *)static_cast<const unsigned char*>(_pub_key_compressed), len, _bn_ctx) == 0) {
loggers::get_instance().warning("security_ecc::generate: Failed to generate x_coordinate compressed key");
_pub_key_compressed.clear();
_pub_key_compressed = OCTETSTRING(0, nullptr);
} else { // Remove first byte
loggers::get_instance().log_to_hexa("security_ecc::generate: Complete _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
_pub_key_compressed_mode = ((_pub_key_compressed[0] & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed.erase(_pub_key_compressed.begin());
loggers::get_instance().log_msg("security_ecc::generate: Complete _pub_key_compressed=", _pub_key_compressed);
_pub_key_compressed_mode = ((_pub_key_compressed[0].get_byte() & 0x01) == 0x00) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1;
_pub_key_compressed = OCTETSTRING(_pub_key_compressed.lengthof() -1, 1 + static_cast<const unsigned char*>(_pub_key_compressed));
}
loggers::get_instance().log_to_hexa("security_ecc::generate: _pri_key=", _pri_key.data(), _pri_key.size());
loggers::get_instance().log_to_hexa("security_ecc::generate: _pub_key_x=", _pub_key_x.data(), _pub_key_x.size());
loggers::get_instance().log_to_hexa("security_ecc::generate: _pub_key_y=", _pub_key_y.data(), _pub_key_y.size());
loggers::get_instance().log_to_hexa("security_ecc::generate: _pub_key_compressed=", _pub_key_compressed.data(), _pub_key_compressed.size());
loggers::get_instance().log_msg("security_ecc::generate: _pri_key=", _pri_key);
loggers::get_instance().log_msg("security_ecc::generate: _pub_key_x=", _pub_key_x);
loggers::get_instance().log_msg("security_ecc::generate: _pub_key_y=", _pub_key_y);
loggers::get_instance().log_msg("security_ecc::generate: _pub_key_compressed=", _pub_key_compressed);
loggers::get_instance().log("security_ecc::generate: _pub_key_compressed_mode=%d", _pub_key_compressed_mode);
return 0;
}
 
int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_recipients_public_key_x, const std::vector<unsigned char>& p_recipients_public_key_y) {
int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y) {
loggers::get_instance().log(">>> security_ecc::generate_and_derive_ephemeral_key (1)");
 
// Sanity checks
if (_pri_key.size() == 0) {
if (_pri_key.lengthof() == 0) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (1): Key shall be generated");
return -1;
}
if ((_pub_key_x.size() == 0) || (_pub_key_y.size() == 0)) {
if ((_pub_key_x.lengthof() == 0) || (_pub_key_y.lengthof() == 0)) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (1): Keys shall be generated");
return -1;
}
332,7 → 340,7
// Set buffers size
int len = (EC_GROUP_get_degree(_ec_group) + 7) / 8;
_secret_key.resize(len);
_secret_key = int2oct(0, len);
unsigned int nonce_length;
unsigned int sym_key_length;
unsigned int tag_length;
367,7 → 375,7
EC_POINT *ec_point = nullptr;
bin_to_ec_point(p_recipients_public_key_x, p_recipients_public_key_y, &ec_point);
// Generate the shared secret key
int result = ::ECDH_compute_key(_secret_key.data(), _secret_key.size(), ec_point, _ec_key, NULL);
int result = ::ECDH_compute_key((unsigned char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), ec_point, _ec_key, nullptr);
if (result == -1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (1): Failed to generate shared secret key");
::EC_POINT_free(ec_point);
374,33 → 382,29
return -1;
}
::EC_POINT_free(ec_point);
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): _secret_key: ", _secret_key.data(), _secret_key.size());
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): _secret_key: ", _secret_key);
// Derive the shared secret key
std::vector<unsigned char> k_enc(nonce_length + sym_key_length + tag_length, 0x00);
std::vector<unsigned char> k_mac(k_length + k_length, 0x00);
std::vector<unsigned char> digest(k_enc.size() + k_mac.size(), 0x00);
loggers::get_instance().log("security_ecc::generate_and_derive_ephemeral_key (1): k_enc size:%d - k_mac size: %d - digest size:%d: ", k_enc.size(), k_mac.size(), digest.size());
if (PKCS5_PBKDF2_HMAC((const char*)_secret_key.data(), _secret_key.size(), NULL, 0, 2000, EVP_sha256(), digest.size(), digest.data()) != 1) {
const int k_enc = nonce_length + sym_key_length + tag_length;
const int k_mac = k_length + k_length;
OCTETSTRING digest(k_enc + k_mac, 0x00);
loggers::get_instance().log("security_ecc::generate_and_derive_ephemeral_key (1): k_enc size:%d - k_mac size: %d - digest size:%d: ", k_enc, k_mac, digest.lengthof());
if (PKCS5_PBKDF2_HMAC((unsigned char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), nullptr, 0, 2000, EVP_sha256(), digest.lengthof(), (unsigned char*)static_cast<const unsigned char*>(digest)) != 1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Failed to derive shared secret key");
return -1;
}
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): digest: ", digest.data(), digest.size());
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): digest: ", digest);
 
// Extract AES 128 parameters
_nonce.resize(nonce_length);
std::copy(digest.begin(), digest.begin() + _nonce.size(), _nonce.begin());
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): _nonce: ", _nonce.data(), _nonce.size());
_sym_key.resize(sym_key_length);
std::copy(digest.begin() + _nonce.size(), digest.begin() + _nonce.size() + _sym_key.size(), _sym_key.begin());
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): _sym_key: ", _sym_key.data(), _sym_key.size());
_tag.resize(tag_length);
std::copy(digest.begin() + _nonce.size() + _sym_key.size(), digest.begin() + _nonce.size() + _sym_key.size() + _tag.size(), _tag.begin()); // TODO Useless???
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): _tag: ", _tag.data(), _tag.size());
_nonce = OCTETSTRING(nonce_length, static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): _nonce: ", _nonce);
_sym_key = OCTETSTRING(sym_key_length, _nonce.lengthof() + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): _sym_key: ", _sym_key);
_tag = OCTETSTRING(tag_length, _nonce.lengthof() + + _sym_key.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): _tag: ", _tag);
// Extract the HMAC key
std::vector<unsigned char> hmac_secret(k_length + k_length, 0x00);
std::copy(digest.data() + nonce_length + sym_key_length + tag_length, digest.data() + nonce_length + sym_key_length + tag_length + 2 * k_length, hmac_secret.begin());
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): hmac_secret: ", hmac_secret.data(), hmac_secret.size());
OCTETSTRING hmac_secret = OCTETSTRING(k_length + k_length, nonce_length + sym_key_length + tag_length + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): hmac_secret: ", hmac_secret);
 
// Encrypt the _sym_key
if (encrypt(encryption_algotithm::aes_128_ccm, _sym_key, _nonce, _sym_key, _enc_sym_key) == -1) {
407,16 → 411,16
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (1): Failed to encrypt key");
return -1;
}
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (1): Encrypted symmetric key: ", encrypted_symmetric_key().data(), encrypted_symmetric_key().size());
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): Encrypted symmetric key: ", encrypted_symmetric_key());
return 0;
}
 
int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_private_enc_key, const std::vector<unsigned char>& p_ephemeral_public_key_x, const std::vector<unsigned char>& p_ephemeral_public_key_y, const std::vector<unsigned char>& p_enc_sym_key, const std::vector<unsigned char>& p_expected_nonce, const std::vector<unsigned char>& p_authentication_vector) {
int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector) {
loggers::get_instance().log(">>> security_ecc::generate_and_derive_ephemeral_key (2)");
 
// Sanity checks
if (_pri_key.size() == 0) {
if (_pri_key.lengthof() == 0) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Key shall be generated");
return -1;
}
427,7 → 431,7
 
// Set buffers size
int len = (EC_GROUP_get_degree(_ec_group) + 7) / 8;
_secret_key.resize(len);
_secret_key = int2oct(0, len);
unsigned int nonce_length;
unsigned int sym_key_length;
unsigned int tag_length;
462,41 → 466,43
EC_POINT *ec_point = nullptr;
bin_to_ec_point(p_ephemeral_public_key_x, p_ephemeral_public_key_y, &ec_point);
// Generate the shared symmetric key
int result = ::ECDH_compute_key(_secret_key.data(), _secret_key.size(), ec_point, _ec_key, NULL);
int result = ::ECDH_compute_key((unsigned char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), ec_point, _ec_key, nullptr);
if (result == -1) {
::EC_POINT_free(ec_point);
return -1;
}
::EC_POINT_free(ec_point);
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): _secret_key: ", _secret_key.data(), _secret_key.size());
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _secret_key: ", _secret_key);
// Derive the shared secret key
std::vector<unsigned char> k_enc(nonce_length + sym_key_length + tag_length, 0x00);
std::vector<unsigned char> k_mac(k_length + k_length, 0x00);
std::vector<unsigned char> digest(k_enc.size() + k_mac.size(), 0x00);
loggers::get_instance().log("security_ecc::generate_and_derive_ephemeral_key (2): k_enc size:%d - k_mac size: %d - digest size:%d: ", k_enc.size(), k_mac.size(), digest.size());
if (PKCS5_PBKDF2_HMAC((const char*)_secret_key.data(), _secret_key.size(), NULL, 0, 2000, EVP_sha256(), digest.size(), digest.data()) != 1) {
const int k_enc = nonce_length + sym_key_length + tag_length;
const int k_mac = k_length + k_length;
OCTETSTRING digest(k_enc + k_mac, 0x00);
loggers::get_instance().log("security_ecc::generate_and_derive_ephemeral_key (2): k_enc size:%d - k_mac size: %d - digest size:%d: ", k_enc, k_mac, digest.lengthof());
if (PKCS5_PBKDF2_HMAC((unsigned char*)static_cast<const unsigned char*>(_secret_key), _secret_key.lengthof(), nullptr, 0, 2000, EVP_sha256(), digest.lengthof(), (unsigned char*)static_cast<const unsigned char*>(digest)) != 1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Failed to derive shared secret key");
return -1;
}
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): digest: ", digest.data(), digest.size());
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): digest: ", digest);
 
// Extract AES 128 parameters
std::vector<unsigned char> nonce(nonce_length, 0x00);
std::copy(digest.begin(), digest.begin() + nonce.size(), nonce.begin());
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): Generated nonce: ", nonce.data(), nonce.size());
std::vector<unsigned char> sym_key(sym_key_length, 0x00);
std::copy(digest.begin() + nonce.size(), digest.begin() + nonce.size() + sym_key.size(), sym_key.begin());
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): sym_key: ", sym_key.data(), sym_key.size());
std::vector<unsigned char> tag(tag_length, 0x00);
std::copy(digest.begin() + nonce.size() + sym_key.size(), digest.begin() + nonce.size() + sym_key.size() + tag.size(), tag.begin()); // TODO Useless???
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): tag: ", tag.data(), tag.size());
 
_nonce = OCTETSTRING(nonce_length, static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _nonce: ", _nonce);
_sym_key = OCTETSTRING(sym_key_length, _nonce.lengthof() + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _sym_key: ", _sym_key);
_tag = OCTETSTRING(tag_length, _nonce.lengthof() + + _sym_key.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): _tag: ", _tag);
// Extract the HMAC key
std::vector<unsigned char> hmac_secret(k_length + k_length, 0x00);
std::copy(digest.data() + nonce_length + sym_key_length + tag_length, digest.data() + nonce_length + sym_key_length + tag_length + 2 * k_length, hmac_secret.begin());
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): hmac_secret: ", hmac_secret.data(), hmac_secret.size());
OCTETSTRING hmac_secret = OCTETSTRING(k_length + k_length, nonce_length + sym_key_length + tag_length + static_cast<const unsigned char*>(digest));
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): hmac_secret: ", hmac_secret);
 
// Encrypt the _sym_key
if (encrypt(encryption_algotithm::aes_128_ccm, _sym_key, _nonce, _sym_key, _enc_sym_key) == -1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to encrypt key");
return -1;
}
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Encrypted symmetric key: ", encrypted_symmetric_key());
 
// Check if nonce vectors are valid
if (_nonce != nonce) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to derive nonce vector");
504,22 → 510,22
}
// Decrypt the symmetric key
std::vector<unsigned char> skey;
OCTETSTRING skey;
if (decrypt(p_enc_algorithm, sym_key, nonce, p_authentication_vector, p_enc_sym_key, skey) == -1) {
loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to decrypt key");
return -1;
}
_sym_key = skey;
loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key (2): Decrypted symmetric key: ", symmetric_encryption_key().data(), symmetric_encryption_key().size());
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Decrypted symmetric key: ", symmetric_encryption_key());
return 0;
}
 
int security_ecc::encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message) {
int security_ecc::encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message) {
loggers::get_instance().log(">>> security_ecc::encrypt: %d", p_enc_algorithm);
 
// Sanity checks
if ((_pub_key_x.size() != 0) || (_pub_key_y.size() != 0)) {
if ((_pub_key_x.lengthof() != 0) || (_pub_key_y.lengthof() != 0)) {
loggers::get_instance().warning("security_ecc::encrypt: Constructor format #1 shall be used");
return -1;
}
529,44 → 535,44
EVP_CIPHER_CTX *ctx = ::EVP_CIPHER_CTX_new();
switch (_encryption_algotithm) {
case encryption_algotithm::aes_128_ccm:
::EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), nullptr, nullptr, nullptr);
// Allocate buffers size
_nonce.resize(12);
_tag.resize(16);
_sym_key.resize(16);
p_enc_message.resize(p_message.size());
_nonce = int2oct(0, 12);
_tag = int2oct(0, 16);
_sym_key = int2oct(0, 16);
p_enc_message = int2oct(0, p_message.lengthof());
break;
case encryption_algotithm::aes_256_ccm:
::EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_128_gcm:
::EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_256_gcm:
::EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), nullptr, nullptr, nullptr);
break;
} // End of 'switch' statement
// Generate _sym_key
::RAND_bytes(_sym_key.data(), _sym_key.size());
loggers::get_instance().log_to_hexa("security_ecc::encrypt: _sym_key: ", _sym_key.data(), _sym_key.size());
::RAND_bytes((unsigned char*)static_cast<const unsigned char*>(_sym_key), _sym_key.lengthof());
loggers::get_instance().log_msg("security_ecc::encrypt: _sym_key: ", _sym_key);
// Generate _nonce
::RAND_bytes(_nonce.data(), _nonce.size());
loggers::get_instance().log_to_hexa("security_ecc::encrypt: nonce: ", _nonce.data(), _nonce.size());
::RAND_bytes((unsigned char*)static_cast<const unsigned char*>(_nonce), _nonce.lengthof());
loggers::get_instance().log_msg("security_ecc::encrypt: nonce: ", _nonce);
// Set nonce length
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.lengthof(), nullptr);
// Set tag length
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.size(), NULL);
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), nullptr);
// Prime the key and nonce
::EVP_EncryptInit_ex(ctx, NULL, NULL, _sym_key.data(), _nonce.data());
::EVP_EncryptInit_ex(ctx, nullptr, nullptr, static_cast<const unsigned char*>(_sym_key), static_cast<const unsigned char*>(_nonce));
// No authentication data
// Encrypt the data
int len = 0;
::EVP_EncryptUpdate(ctx, p_enc_message.data(), &len, p_message.data(), p_message.size());
::EVP_EncryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message), &len, static_cast<const unsigned char*>(p_message), p_message.lengthof());
// Finalize the encryption session
::EVP_EncryptFinal_ex(ctx, p_enc_message.data() + len, &len);
// Get the authentication tag
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, _tag.size(), _tag.data());
loggers::get_instance().log_to_hexa("security_ecc::encrypt: tag: ", _tag.data(), _tag.size());
::EVP_EncryptFinal_ex(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message)) + len, &len);
// Get the authentication tag(const char*)static_cast<const unsigned char*>(
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, _tag.lengthof(), (unsigned char*)static_cast<const unsigned char*>(_tag));
loggers::get_instance().log_msg("security_ecc::encrypt: tag: ", _tag);
 
::EVP_CIPHER_CTX_free(ctx);
 
573,7 → 579,7
return 0;
}
 
int security_ecc::encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_symmetric_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message) {
int security_ecc::encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_symmetric_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message) {
loggers::get_instance().log(">>> security_ecc::encrypt (2): %d", p_enc_algorithm);
 
_encryption_algotithm = p_enc_algorithm;
584,38 → 590,38
EVP_CIPHER_CTX *ctx = ::EVP_CIPHER_CTX_new();
switch (_encryption_algotithm) {
case encryption_algotithm::aes_128_ccm:
::EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), nullptr, nullptr, nullptr);
// Allocate buffers size
_tag.resize(16);
p_enc_message.resize(p_message.size());
_tag = int2oct(0, 16);
p_enc_message.resize(p_message.lengthof());
break;
case encryption_algotithm::aes_256_ccm:
::EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_128_gcm:
::EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_256_gcm:
::EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
::EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), nullptr, nullptr, nullptr);
break;
} // End of 'switch' statement
loggers::get_instance().log_to_hexa("security_ecc::encrypt: _sym_key: ", _sym_key.data(), _sym_key.size());
loggers::get_instance().log_to_hexa("security_ecc::encrypt: nonce: ", _nonce.data(), _nonce.size());
loggers::get_instance().log_msg("security_ecc::encrypt: _sym_key: ", _sym_key);
loggers::get_instance().log_msg("security_ecc::encrypt: nonce: ", _nonce);
// Set nonce length
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.lengthof(), nullptr);
// Set tag length
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.size(), NULL);
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), nullptr);
// Prime the key and nonce
::EVP_EncryptInit_ex(ctx, NULL, NULL, _sym_key.data(), _nonce.data());
::EVP_EncryptInit_ex(ctx, nullptr, nullptr, (unsigned char*)static_cast<const unsigned char*>(_sym_key), (const char*)static_cast<const unsigned char*>(_nonce));
// No authentication data
// Encrypt the data
int len = 0;
::EVP_EncryptUpdate(ctx, p_enc_message.data(), &len, p_message.data(), p_message.size());
::EVP_EncryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message), &len, static_cast<const unsigned char*>(p_message), p_message.lengthof());
// Finalize the encryption session
::EVP_EncryptFinal_ex(ctx, p_enc_message.data() + len, &len);
::EVP_EncryptFinal_ex(ctx, (unsigned char*)static_cast<const unsigned char*>(p_enc_message) + len, &len);
// Get the authentication tag
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, _tag.size(), _tag.data());
loggers::get_instance().log_to_hexa("security_ecc::encrypt: tag: ", _tag.data(), _tag.size());
::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, _tag.lengthof(), (unsigned char*)static_cast<const unsigned char*>(_tag));
loggers::get_instance().log_msg("security_ecc::encrypt: tag: ", _tag);
 
::EVP_CIPHER_CTX_free(ctx);
622,7 → 628,7
return 0;
}
 
int security_ecc::decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message) {
int security_ecc::decrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_tag, const OCTETSTRING& p_enc_message, OCTETSTRING& p_message) {
loggers::get_instance().log(">>> security_ecc::decrypt: %d", p_enc_algorithm);
 
_encryption_algotithm = p_enc_algorithm;
634,28 → 640,28
EVP_CIPHER_CTX *ctx = ::EVP_CIPHER_CTX_new();
switch (_encryption_algotithm) {
case encryption_algotithm::aes_128_ccm:
::EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_256_ccm:
::EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_128_gcm:
::EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_256_gcm:
::EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), nullptr, nullptr, nullptr);
break;
} // End of 'switch' statement
// Set nonce length
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.lengthof(), nullptr);
// Set expected tag value
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.size(), _tag.data());
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), static_cast<const unsigned char*>(_tag));
// Specify key and IV
EVP_DecryptInit_ex(ctx, NULL, NULL, _sym_key.data(), _nonce.data());
EVP_DecryptInit_ex(ctx, nullptr, nullptr, static_cast<const unsigned char*>(_sym_key), static_cast<const unsigned char*>(_nonce));
// Decrypt plaintext, verify tag: can only be called once
p_message.resize(p_enc_message.size());
p_message.resize(p_enc_message.lengthof());
int len = 0;
int result = EVP_DecryptUpdate(ctx, p_message.data(), &len, p_enc_message.data(), p_enc_message.size());
int result = EVP_DecryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_message), &len, static_cast<const unsigned char*>(p_enc_message), p_enc_message.lengthof());
loggers::get_instance().log("security_ecc::decrypt: len: %d", len);
loggers::get_instance().log("security_ecc::decrypt: result: %d", result);
::EVP_CIPHER_CTX_free(ctx);
663,11 → 669,11
return (result > 0) ? 0 : -1;
}
 
int security_ecc::decrypt(const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message) {
int security_ecc::decrypt(const OCTETSTRING& p_tag, const OCTETSTRING& p_enc_message, OCTETSTRING& p_message) {
loggers::get_instance().log(">>> security_ecc::decrypt: %d", _encryption_algotithm);
 
// Sanity checks
if ((_pri_key.size() == 0) || (_secret_key.size() == 0)) {
if ((_pri_key.lengthof() == 0) || (_secret_key.lengthof() == 0)) {
loggers::get_instance().warning("security_ecc::decrypt: Constrictor format #2 shall be used");
return -1;
}
677,28 → 683,28
EVP_CIPHER_CTX *ctx = ::EVP_CIPHER_CTX_new();
switch (_encryption_algotithm) {
case encryption_algotithm::aes_128_ccm:
::EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_256_ccm:
::EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_128_gcm:
::EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), nullptr, nullptr, nullptr);
break;
case encryption_algotithm::aes_256_gcm:
::EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
::EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), nullptr, nullptr, nullptr);
break;
} // End of 'switch' statement
// Set nonce length
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.lengthof(), nullptr);
// Set expected tag value
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.size(), _tag.data());
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.lengthof(), static_cast<const unsigned char*>(_tag));
// Specify key and IV
EVP_DecryptInit_ex(ctx, NULL, NULL, _sym_key.data(), _nonce.data());
EVP_DecryptInit_ex(ctx, nullptr, nullptr, static_cast<const unsigned char*>(_sym_key), static_cast<const unsigned char*>(_nonce));
// Decrypt plaintext, verify tag: can only be called once
p_message.resize(p_enc_message.size());
p_message.resize(p_enc_message.lengthof());
int len = 0;
int result = EVP_DecryptUpdate(ctx, p_message.data(), &len, p_enc_message.data(), p_enc_message.size());
int result = EVP_DecryptUpdate(ctx, (unsigned char*)static_cast<const unsigned char*>(p_message), &len, static_cast<const unsigned char*>(p_enc_message), p_enc_message.lengthof());
loggers::get_instance().log("security_ecc::decrypt: len: %d", len);
loggers::get_instance().log("security_ecc::decrypt: result: %d", result);
::EVP_CIPHER_CTX_free(ctx);
706,19 → 712,19
return (result > 0) ? 0 : -1;
}
 
int security_ecc::sign(const std::vector<unsigned char>& p_data, std::vector<unsigned char>& p_r_sig, std::vector<unsigned char>& p_s_sig) {
int security_ecc::sign(const OCTETSTRING& p_data, OCTETSTRING& p_r_sig, OCTETSTRING& p_s_sig) {
loggers::get_instance().log(">>> security_ecc::sign");
loggers::get_instance().log_to_hexa(">>> security_ecc::sign: p_data: ", p_data.data(), p_data.size());
loggers::get_instance().log_msg(">>> security_ecc::sign: p_data: ", p_data);
 
// Sanity checks
if(_pri_key.size() == 0) { // No private key
if(_pri_key.lengthof() == 0) { // No private key
return -1;
}
if (p_data.size() == 0) {
if (p_data.lengthof() == 0) {
return -1;
}
ECDSA_SIG *signature = ::ECDSA_do_sign(p_data.data(), p_data.size(), _ec_key);
ECDSA_SIG *signature = ::ECDSA_do_sign(static_cast<const unsigned char*>(p_data), p_data.lengthof(), _ec_key);
if (signature == nullptr) {
loggers::get_instance().warning("security_ecc::sign: Signature failed");
return -1;
725,7 → 731,7
}
loggers::get_instance().log("security_ecc::sign: succeed");
 
if (::ECDSA_do_verify(p_data.data(), p_data.size(), signature, _ec_key) != 1) {
if (::ECDSA_do_verify(static_cast<const unsigned char*>(p_data), p_data.lengthof(), signature, _ec_key) != 1) {
loggers::get_instance().warning("security_ecc::sign: Signature not verified");
return -1;
}
733,12 → 739,12
const BIGNUM* r = nullptr;
const BIGNUM* s = nullptr;
::ECDSA_SIG_get0(signature, &r, &s);
p_r_sig.resize(BN_num_bytes(r));
::BN_bn2bin(r, p_r_sig.data());
loggers::get_instance().log_to_hexa("security_ecc::sign: r=", p_r_sig.data(), p_r_sig.size());
p_s_sig.resize(BN_num_bytes(s));
::BN_bn2bin(s, p_s_sig.data());
loggers::get_instance().log_to_hexa("security_ecc::sign: s=", p_s_sig.data(), p_s_sig.size());
p_r_sig = int2oct(0, BN_num_bytes(r));
::BN_bn2bin(r, (unsigned char*)static_cast<const unsigned char*>(p_r_sig));
loggers::get_instance().log_msg("security_ecc::sign: r=", p_r_sig);
p_s_sig = int2oct(0, BN_num_bytes(s));
::BN_bn2bin(s, (unsigned char*)static_cast<const unsigned char*>(p_s_sig));
loggers::get_instance().log_msg("security_ecc::sign: s=", p_s_sig);
 
::ECDSA_SIG_free(signature);
745,24 → 751,24
return 0;
}
 
int security_ecc::sign_verif(const std::vector<unsigned char>& p_data, const std::vector<unsigned char>& p_signature) {
int security_ecc::sign_verif(const OCTETSTRING& p_data, const OCTETSTRING& p_signature) {
loggers::get_instance().log(">>> security_ecc::sign_verif");
loggers::get_instance().log_to_hexa(">>> security_ecc::sign_verify: p_data: ", p_data.data(), p_data.size());
loggers::get_instance().log_msg(">>> security_ecc::sign_verify: p_data: ", p_data);
 
// Sanity checks
if (p_data.size() == 0) {
if (p_data.lengthof() == 0) {
return -1;
}
 
// Build the signature
BIGNUM* r = ::BN_bin2bn(p_signature.data(), p_signature.size() / 2, nullptr);
loggers::get_instance().log_to_hexa("security_ecc::sign_verify: r=", p_signature.data(), p_signature.size() / 2);
BIGNUM* s = ::BN_bin2bn(p_signature.data() + p_signature.size() / 2, p_signature.size() / 2, nullptr);
loggers::get_instance().log_to_hexa("security_ecc::sign_verify: s=", p_signature.data() + p_signature.size() / 2, p_signature.size() / 2);
BIGNUM* r = ::BN_bin2bn(static_cast<const unsigned char*>(p_signature), p_signature.lengthof() / 2, nullptr);
loggers::get_instance().log_to_hexa("security_ecc::sign_verify: r=", static_cast<const unsigned char*>(p_signature), p_signature.lengthof() / 2);
BIGNUM* s = ::BN_bin2bn(static_cast<const unsigned char*>(p_signature) + p_signature.lengthof() / 2, p_signature.lengthof() / 2, nullptr);
loggers::get_instance().log_to_hexa("security_ecc::sign_verify: s=", static_cast<const unsigned char*>(p_signature) + p_signature.lengthof() / 2, p_signature.lengthof() / 2);
ECDSA_SIG *signature = ECDSA_SIG_new();
::ECDSA_SIG_set0(signature, r, s);
// Check the signature
int result = ::ECDSA_do_verify(p_data.data(), p_data.size(), signature, _ec_key);
int result = ::ECDSA_do_verify(static_cast<const unsigned char*>(p_data), p_data.lengthof(), signature, _ec_key);
::ECDSA_SIG_free(signature);
loggers::get_instance().log("security_ecc::sign_verif: %s", (result == 1) ? "succeed": "failed");
return (result == 1) ? 0 : -1;
802,23 → 808,23
return 0;
} // End of init
 
int security_ecc::bin_to_ec_point(const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y, EC_POINT** p_ec_point) { // ec_key_public_key_bin_to_point
int security_ecc::bin_to_ec_point(const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, EC_POINT** p_ec_point) { // ec_key_public_key_bin_to_point
BIGNUM* pubk_bn;
 
std::vector<unsigned char> v(1, 0x04);
v.insert(v.end(), std::make_move_iterator(p_public_key_x.begin()), std::make_move_iterator(p_public_key_x.end()));
v.insert(v.end(), std::make_move_iterator(p_public_key_y.begin()), std::make_move_iterator(p_public_key_y.end()));
OCTETSTRING v(1, 0x04);
v += p_public_key_x;
v += p_public_key_y;
 
pubk_bn = ::BN_bin2bn(v.data(), v.size(), NULL);
pubk_bn = ::BN_bin2bn(static_cast<const unsigned char*>(v), v.lengthof(), nullptr);
*p_ec_point = ::EC_POINT_new(_ec_group);
::EC_POINT_bn2point(_ec_group, pubk_bn, *p_ec_point, _bn_ctx);
 
// BIO *bio_out = NULL; /* stdout */
// BIO *bio_out = nullptr; /* stdout */
// bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
// BIGNUM *x = BN_new();
// BIGNUM *y = BN_new();
// if (EC_POINT_get_affine_coordinates_GFp(_ec_group, *p_ec_point, x, y, NULL)) {
// if (EC_POINT_get_affine_coordinates_GFp(_ec_group, *p_ec_point, x, y, nullptr)) {
// BN_print_fp(stdout, x);
// putc('\n', stdout);
// BN_print_fp(stdout, y);
829,14 → 835,14
return 0;
}
 
int security_ecc::public_key_to_bin(std::vector<unsigned char>& p_bin_key) { // ec_key_public_key_to_bin
int security_ecc::public_key_to_bin(OCTETSTRING& p_bin_key) { // ec_key_public_key_to_bin
const EC_GROUP *ec_group = EC_KEY_get0_group(_ec_key);
const EC_POINT *pub = EC_KEY_get0_public_key(_ec_key);
BIGNUM *pub_bn = BN_new();
 
::EC_POINT_point2bn(ec_group, pub, POINT_CONVERSION_UNCOMPRESSED, pub_bn, _bn_ctx);
p_bin_key.resize(BN_num_bytes(pub_bn));
::BN_bn2bin(pub_bn, p_bin_key.data());
p_bin_key = int2oct(0, BN_num_bytes(pub_bn));
::BN_bn2bin(pub_bn, (unsigned char*)static_cast<const unsigned char*>(p_bin_key));
 
::BN_clear_free(pub_bn);
 
/branches/STF525/ccsrc/Protocols/Security/security_ecc.hh
10,13 → 10,13
*/
#pragma once
 
#include <vector>
 
#include <openssl/err.h>
#include <openssl/ec.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
 
class OCTETSTRING; //! TITAN forward declaration
 
/*!
* \enum Supported Elliptic curves
*/
54,18 → 54,18
EC_KEY* _ec_key; /*!< EC_KEY reference */
const EC_GROUP* _ec_group; /*!< EC_GROUP reference */
BN_CTX* _bn_ctx; /*!< Pre-alocated memory used to increase OpenSSL processing */
std::vector<unsigned char> _pri_key; /*!< Private key storage */
std::vector<unsigned char> _pub_key_x; /*!< Public key X-coordinate storage */
std::vector<unsigned char> _pub_key_y; /*!< Public key Y-coordinate storage */
std::vector<unsigned char> _pub_key_compressed; /*!< Public key compressed */
OCTETSTRING _pri_key; /*!< Private key storage */
OCTETSTRING _pub_key_x; /*!< Public key X-coordinate storage */
OCTETSTRING _pub_key_y; /*!< Public key Y-coordinate storage */
OCTETSTRING _pub_key_compressed; /*!< Public key compressed */
ecc_compressed_mode _pub_key_compressed_mode; /*!< Public key coordinates compression mode */
std::vector<unsigned char> _secret_key; /*!< Shared secret key generated by ECIES encryption method */
std::vector<unsigned char> _enc_key_x; /*!< Ephemeral public key X-coordinate storage */
std::vector<unsigned char> _enc_key_y; /*!< Ephemeral public key Y-coordinate storage */
std::vector<unsigned char> _sym_key; /*!< AES symmetric encryption key generated by encryption method */
std::vector<unsigned char> _enc_sym_key; /*!< Encrypted AES symmetric encryption key generated by encryption method */
std::vector<unsigned char> _nonce; /*!< Initial Vector generated by encryption method */
std::vector<unsigned char> _tag; /*!< Tag vector generated by encryption method */
OCTETSTRING _secret_key; /*!< Shared secret key generated by ECIES encryption method */
OCTETSTRING _enc_key_x; /*!< Ephemeral public key X-coordinate storage */
OCTETSTRING _enc_key_y; /*!< Ephemeral public key Y-coordinate storage */
OCTETSTRING _sym_key; /*!< AES symmetric encryption key generated by encryption method */
OCTETSTRING _enc_sym_key; /*!< Encrypted AES symmetric encryption key generated by encryption method */
OCTETSTRING _nonce; /*!< Initial Vector generated by encryption method */
OCTETSTRING _tag; /*!< Tag vector generated by encryption method */
public: //! \publicsection
/*!
80,7 → 80,7
* \param[in] p_private_key The private key
* \remark Some public key are created based on the provided private keys
*/
security_ecc(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_private_key);
security_ecc(const ec_elliptic_curves p_elliptic_curve, const OCTETSTRING& p_private_key);
/*!
* \brief Constructor based on the public keys only
* \param[in] p_elliptic_curve The ECDSA curve family to be used
87,7 → 87,7
* \remark The call to the method security_ecc::sign() will failed
* \remark The call to the method security_ecc::generate() will overwrite the provided public keys
*/
security_ecc(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y);
security_ecc(const ec_elliptic_curves p_elliptic_curve, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y);
/*!
* \brief Constructor based on the public xompressed key only
* \param[in] p_elliptic_curve The ECDSA curve family to be used
94,7 → 94,7
* \remark The call to the method security_ecc::sign() will failed
* \remark The call to the method security_ecc::generate() will overwrite the provided public keys
*/
security_ecc(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_public_key_compressed, const ecc_compressed_mode p_compressed_mode);
security_ecc(const ec_elliptic_curves p_elliptic_curve, const OCTETSTRING& p_public_key_compressed, const ecc_compressed_mode p_compressed_mode);
/*!
* \brief Destructor
*/
108,7 → 108,7
*/
int generate();
/*!
* \fn int sign(const std::vector<unsigned char>& p_data, std::vector<unsigned char>& p_r_sig, std::vector<unsigned char>& p_s_sig);
* \fn int sign(const OCTETSTRING& p_data, OCTETSTRING& p_r_sig, OCTETSTRING& p_s_sig);
* \brief Signed the data using ECDSA algorithm
* \param[in] p_data The data to be signed
* \param[out] p_r_sig Part of the signature
115,18 → 115,18
* \param[out] p_s_sig Part of the signature
* \return 0 on success, -1 otherwise
*/
int sign(const std::vector<unsigned char>& p_data, std::vector<unsigned char>& p_r_sig, std::vector<unsigned char>& p_s_sig);
int sign(const OCTETSTRING& p_data, OCTETSTRING& p_r_sig, OCTETSTRING& p_s_sig);
/*!
* \fn int sign_verif(const std::vector<unsigned char>& p_data, const std::vector<unsigned char>& p_signature);
* \fn int sign_verif(const OCTETSTRING& p_data, const OCTETSTRING& p_signature);
* \brief Verifiy an ECDSA signature
* \param[in] p_data The signed data
* \param[in] p_signature The signature part, based on r_sig part and s_sig part
* \return 0 on success, -1 otherwise
*/
int sign_verif(const std::vector<unsigned char>& p_data, const std::vector<unsigned char>& p_signature);
int sign_verif(const OCTETSTRING& p_data, const OCTETSTRING& p_signature);
/*!
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_recipients_public_key_x, const std::vector<unsigned char>& p_recipients_public_key_y);
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y);
* \brief Generate a shared secret key and derive it using KDF2 algorithm.
* This method shall be used by the sender. Fresh keys will be genrated for each cyphering operation
* \param[in] p_enc_algorithm The encryption algorithm to be used
138,10 → 138,10
* \see encrypt methog to encrypt a message based of the generated symetric encryption key
* \return 0 on success, -1 otherwise
*/
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_recipients_public_key_x, const std::vector<unsigned char>& p_recipients_public_key_y);
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y);
 
/*!
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_private_enc_key, const std::vector<unsigned char>& p_ephemeral_public_key_x, const std::vector<unsigned char>& p_ephemeral_public_key_y);
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y);
* \brief Generate a shared secret key and derive it using KDF2 algorithm.
* \param[in] p_enc_algorithm The encryption algorithm to be used
* \param[in] p_private_enc_key The private encryption key associated to the public encryption key
151,10 → 151,10
* \remark To get the decrypteded symmetric encryption key, uses \see symmetric_encryption_key method
* \return 0 on success, -1 otherwise
*/
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_private_enc_key, const std::vector<unsigned char>& p_ephemeral_public_key_x, const std::vector<unsigned char>& p_ephemeral_public_key_y, const std::vector<unsigned char>& p_enc_sym_key, const std::vector<unsigned char>& p_expected_nonce, const std::vector<unsigned char>& p_authentication_vector);
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector);
 
/*!
* \fn int encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);
* \fn int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message);
* \brief Encryption using the specified algorithm, the encryption parameters are generated automatically.
* \param[in] p_enc_algorithm The algorithm to use for the encryption
* \param[in] p_message The message to be encrypted
164,9 → 164,9
* \remark To get the generated tag, uses \see tag method
* \return 0 on success, -1 otherwise
*/
int encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);
int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message);
/*!
* \fn int encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_symmetric_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);
* \fn int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_symmetric_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message);
* \brief Encryption using the specified algorithm. The encryption parameters are provided by the caller (e.g. ECIES encryption).
* \param[in] p_enc_algorithm The algorithm to use for the encryption
* \param[in] p_symmetric_key
178,9 → 178,9
* \remark To get the generated tag, uses \see tag method
* \return 0 on success, -1 otherwise
*/
int encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_symmetric_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);
int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_symmetric_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message);
/*!
* \fn int decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);
* \fn int decrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_tag, const OCTETSTRING& p_enc_message, OCTETSTRING& p_message);
* \brief Decryption using the specified parameters.
* \param[in] p_enc_algorithm The algorithm to use for the decryption
* \param[in] p_nonce The algorithm to use for the encryption
192,9 → 192,9
* \remark To get the generated tag, uses \see tag method
* \return 0 on success, -1 otherwise
*/
int decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_symmetric_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);
int decrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_symmetric_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_tag, const OCTETSTRING& p_enc_message, OCTETSTRING& p_message);
/*!
* \fn int decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);
* \fn int decrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_key, const OCTETSTRING& p_nonce, const OCTETSTRING& p_tag, const OCTETSTRING& p_enc_message, OCTETSTRING& p_message);
* \brief Decryption using default parameters.
* \param[in] p_tag The algorithm to use for the encryption
* \param[in] p_enc_message The message to be decrypted
204,20 → 204,20
* \remark To get the generated tag, uses \see tag method
* \return 0 on success, -1 otherwise
*/
int decrypt(const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);
int decrypt(const OCTETSTRING& p_tag, const OCTETSTRING& p_enc_message, OCTETSTRING& p_message);
inline const std::vector<unsigned char>& private_key() const { return _pri_key; };
inline const std::vector<unsigned char>& public_key_x() const { return _pub_key_x; };
inline const std::vector<unsigned char>& public_key_y() const { return _pub_key_y; };
inline const std::vector<unsigned char>& public_key_compressed() const { return _pub_key_compressed; };
inline const OCTETSTRING& private_key() const { return _pri_key; };
inline const OCTETSTRING& public_key_x() const { return _pub_key_x; };
inline const OCTETSTRING& public_key_y() const { return _pub_key_y; };
inline const OCTETSTRING& public_key_compressed() const { return _pub_key_compressed; };
inline const ecc_compressed_mode& public_key_compressed_mode() const { return _pub_key_compressed_mode; };
inline const std::vector<unsigned char>& secret_key() const { return _secret_key; };
inline const std::vector<unsigned char>& encryption_key_x() const { return _enc_key_x; };
inline const std::vector<unsigned char>& encryption_key_y() const { return _enc_key_y; };
inline const std::vector<unsigned char>& encrypted_symmetric_key() const { return _enc_sym_key; };
inline const std::vector<unsigned char>& symmetric_encryption_key() const { return _sym_key; };
inline const std::vector<unsigned char>& nonce() const { return _nonce; };
inline const std::vector<unsigned char>& tag() const { return _tag; };
inline const OCTETSTRING& secret_key() const { return _secret_key; };
inline const OCTETSTRING& encryption_key_x() const { return _enc_key_x; };
inline const OCTETSTRING& encryption_key_y() const { return _enc_key_y; };
inline const OCTETSTRING& encrypted_symmetric_key() const { return _enc_sym_key; };
inline const OCTETSTRING& symmetric_encryption_key() const { return _sym_key; };
inline const OCTETSTRING& nonce() const { return _nonce; };
inline const OCTETSTRING& tag() const { return _tag; };
private: //! \privatesection
/*!
227,17 → 227,17
*/
const int init();
/*!
* \fn int bin_to_ec_point(const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y, EC_POINT** p_ec_point);
* \fn int bin_to_ec_point(const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, EC_POINT** p_ec_point);
* \brief Convert a big number object into a public key
* \return 0 on success, -1 otherwise
*/
int bin_to_ec_point(const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y, EC_POINT** p_ec_point);
int bin_to_ec_point(const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, EC_POINT** p_ec_point);
/*!
* \fn int public_key_to_bin(std::vector<unsigned char>& p_bin_key);
* \fn int public_key_to_bin(OCTETSTRING& p_bin_key);
* \brief Convert a public key into a big number object
* \return 0 on success, -1 otherwise
*/
int public_key_to_bin(std::vector<unsigned char>& p_bin_key);
int public_key_to_bin(OCTETSTRING& p_bin_key);
 
/*int multiply_point_with_bn(const EC_POINT &a, const BIGNUM* b, EC_POINT **P);
// R: XY-coordinate compressed, S: Share Secret
/branches/STF525/ccsrc/Protocols/Security/sha256.cc
0,0 → 1,49
/*!
* \file sha256.cc
* \brief Source file for SHA-256 helper methods.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include <TTCN3.hh>
 
#include "sha256.hh"
 
int sha256::generate(const OCTETSTRING& p_buffer, OCTETSTRING& p_hash) {
// Sanity check
if (p_buffer.lengthof() == 0) {
p_hash = get_sha256_empty_string();
return 0;
}
 
return generate(static_cast<const unsigned char*>(p_buffer), p_buffer.lengthof(), p_hash);
}
 
int sha256::generate(const unsigned char* p_buffer, const size_t p_length, OCTETSTRING& p_hash) {
// Sanity check
if ((p_buffer == nullptr) || (p_length == 0)) {
p_hash = get_sha256_empty_string();
return 0;
}
 
// Resize data buffer
p_hash = int2oct(0, SHA256_DIGEST_LENGTH);
// Compute the hash value
::SHA256_Init(&_ctx);
::SHA256_Update(&_ctx, p_buffer, p_length);
::SHA256_Final(static_cast<unsigned char*>(p_hash.data()), &_ctx);
return 0;
};
 
/*!
* \fn const OCTETSTRING get_sha256_empty_string() const;
* \brief Return the SHA-256 of an empty string
* \return The SHA-256 of an empty string
*/
inline const OCTETSTRING sha256::get_sha256_empty_string() const {
static unsigned char sha256_empty_string[] = { 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 }; //! SHA-256 of an empty string
return OCTETSTRING(32, sha256_empty_string);
};
Property changes:
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+URL Id
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: ccsrc/Protocols/Security/sha256.hh
===================================================================
--- ccsrc/Protocols/Security/sha256.hh (revision 3341)
+++ ccsrc/Protocols/Security/sha256.hh (revision 3342)
@@ -10,11 +10,11 @@
*/
#pragma once
-#include <vector>
-
#include <openssl/sha.h>
#include <openssl/objects.h>
+class OCTETSTRING; //! TITAN forward declaration
+
/*!
* \class sha256
* \brief This class provides description of SHA-256 helper methods
@@ -33,26 +33,16 @@
virtual ~sha256() { };
/*!
- * \inline
- * \fn int generate(const std::vector<unsigned char> p_buffer, std::vector<unsigned char>& p_hash);
+ * \fn int generate(const OCTETSTRING& p_buffer, OCTETSTRING& p_hash);
* \brief Receive bytes formated data from the lower layers
* \param[in] p_buffer The data used to generate the SHA-256 hash
* \param[out] p_hash The SHA-256 hash value based of the provided data
* \return 0 on success, -1 otherwise
*/
- inline int generate(const std::vector<unsigned char> p_buffer, std::vector<unsigned char>& p_hash) {
- // Sanity check
- if (p_buffer.size() == 0) {
- p_hash = get_sha256_empty_string();
- return 0;
- }
-
- return generate(p_buffer.data(), p_buffer.size(), p_hash);
- };
+ int generate(const OCTETSTRING& p_buffer, OCTETSTRING& p_hash);
/*!
- * \inline
- * \fn int generate(const std::vector<unsigned char> p_buffer, std::vector<unsigned char>& p_hash);
+ * \fn int generate(const unsigned char* p_buffer, OCTETSTRING& p_hash);
* \brief Receive bytes formated data from the lower layers
* \param[in] p_buffer The data used to generate the SHA-256 hash
* \param[in] The length of the data buffer
@@ -59,30 +49,12 @@
* \param[out] p_hash The SHA-256 hash value based of the provided data
* \return 0 on success, -1 otherwise
*/
- inline int generate(const unsigned char *p_buffer, const size_t p_length, std::vector<unsigned char>& p_hash) {
- // Sanity check
- if (p_buffer == nullptr) {
- p_hash = get_sha256_empty_string();
- return 0;
- }
-
- // Resize data buffer
- p_hash.resize(SHA256_DIGEST_LENGTH);
- // Compute the hash value
- ::SHA256_Init(&_ctx);
- ::SHA256_Update(&_ctx, p_buffer, p_length);
- ::SHA256_Final(static_cast<unsigned char*>(p_hash.data()), &_ctx);
- return 0;
- };
+ int generate(const unsigned char* p_buffer, const size_t p_length, OCTETSTRING& p_hash);
/*!
- * \inline
- * \fn const std::vector<unsigned char> get_sha256_empty_string() const;
+ * \fn const OCTETSTRING get_sha256_empty_string() const;
* \brief Return the SHA-256 of an empty string
* \return The SHA-256 of an empty string
*/
- inline const std::vector<unsigned char> get_sha256_empty_string() {
- static unsigned char sha256_empty_string[] = { 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 }; //! SHA-256 of an empty string
- return std::vector<unsigned char>(sha256_empty_string, sha256_empty_string + 32);
- };
+ const OCTETSTRING get_sha256_empty_string() const;
}; // End of class sha256
/branches/STF525/ccsrc/Protocols/Security/sha384.cc
0,0 → 1,46
/*!
* \file sha384.cc
* \brief Sorce file for SHA-384 helper methods.
* \author ETSI STF525
* \copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
* \version 0.1
*/
#include <TTCN3.hh>
 
#include <TTCN3.hh>
 
#include "sha384.hh"
 
int sha384::generate(const OCTETSTRING& p_buffer, OCTETSTRING& p_hash) {
// Sanity check
if (p_buffer.lengthof() == 0) {
p_hash = get_sha384_empty_string();
return 0;
}
 
return generate(static_cast<const unsigned char*>(p_buffer), p_buffer.lengthof(), p_hash);
}
 
int sha384::generate(const unsigned char* p_buffer, const size_t p_length, OCTETSTRING& p_hash) {
// Sanity check
if ((p_buffer == nullptr) || (p_length == 0)) {
p_hash = get_sha384_empty_string();
return 0;
}
 
// Resize data buffer
p_hash = int2oct(0, SHA384_DIGEST_LENGTH);
// Compute the hash value
::SHA384_Init(&_ctx);
::SHA384_Update(&_ctx, p_buffer, p_length);
::SHA384_Final(static_cast<unsigned char*>(p_hash.data()), &_ctx);
return 0;
}
 
const OCTETSTRING sha384::get_sha384_empty_string() const {
static unsigned char sha384_empty_string[] = { 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b }; //! SHA-384 of an empty string
return OCTETSTRING(48, sha384_empty_string);
}
Property changes:
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+URL Id
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: ccsrc/Protocols/Security/sha384.hh
===================================================================
--- ccsrc/Protocols/Security/sha384.hh (revision 3341)
+++ ccsrc/Protocols/Security/sha384.hh (revision 3342)
@@ -10,11 +10,11 @@
*/
#pragma once
-#include <vector>
-
#include <openssl/sha.h>
#include <openssl/objects.h>
+class OCTETSTRING; //! TITAN forward declaration
+
/*!
* \class sha384
* \brief This class provides description of SHA-384 helper methods
@@ -33,25 +33,16 @@
virtual ~sha384() { };
/*!
- * \inline
- * \fn int generate(const std::vector<unsigned char> p_buffer, std::vector<unsigned char>& p_hash);
+ * \fn int generate(const OCTETSTRING& p_buffer, OCTETSTRING& p_hash);
* \brief Receive bytes formated data from the lower layers
* \param[in] p_buffer The data used to generate the SHA-384 hash
* \param[out] p_hash The SHA-384 hash value based of the provided data
* \return 0 on success, -1 otherwise
*/
- inline int generate(const std::vector<unsigned char> p_buffer, std::vector<unsigned char>& p_hash) {
- // Sanity check
- /*if (p_buffer.size() == 0) {
- return -1;
- }*/
-
- return generate(p_buffer.data(), p_buffer.size(), p_hash);
- };
+ int generate(const OCTETSTRING& p_buffer, OCTETSTRING& p_hash);
/*!
- * \inline
- * \fn int generate(const std::vector<unsigned char> p_buffer, std::vector<unsigned char>& p_hash);
+ * \fn int generate(const OCTETSTRING p_buffer, OCTETSTRING& p_hash);
* \brief Receive bytes formated data from the lower layers
* \param[in] p_buffer The data used to generate the SHA-384 hash
* \param[in] The length of the data buffer
@@ -58,28 +49,12 @@
* \param[out] p_hash The SHA-384 hash value based of the provided data
* \return 0 on success, -1 otherwise
*/
- inline int generate(const unsigned char *p_buffer, const size_t p_length, std::vector<unsigned char>& p_hash) {
- // Sanity check
- /*if (p_buffer == nullptr) {
- return -1;
- }*/
- // Resize data buffer
- p_hash.resize(SHA384_DIGEST_LENGTH);
- // Compute the hash value
- ::SHA384_Init(&_ctx);
- ::SHA384_Update(&_ctx, p_buffer, p_length);
- ::SHA384_Final(static_cast<unsigned char*>(p_hash.data()), &_ctx);
- return 0;
- };
+ int generate(const unsigned char* p_buffer, const size_t p_length, OCTETSTRING& p_hash);
/*!
- * \inline
- * \fn const std::vector<unsigned char> get_sha384_empty_string() const;
+ * \fn const OCTETSTRING get_sha384_empty_string() const;
* \brief Return the SHA-384 of an empty string
* \return The SHA-384 of an empty string
*/
- inline const std::vector<unsigned char> get_sha384_empty_string() {
- static unsigned char sha384_empty_string[] = { 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b }; //! SHA-384 of an empty string
- return std::vector<unsigned char>(sha384_empty_string, sha384_empty_string + 48);
- };
+ const OCTETSTRING get_sha384_empty_string() const;
}; // End of class sha384