Skip to content
LibItsSecurity_externals.cc 57.9 KiB
Newer Older
#include "LibItsSecurity_Functions.hh"

garciay's avatar
garciay committed
#include "sha256.hh"
#include "sha384.hh"
#include "hmac.hh"

garciay's avatar
garciay committed
#include "security_ecc.hh"
garciay's avatar
garciay committed

garciay's avatar
garciay committed
#include "security_services.hh"

#include <openssl/ec.h>
#include <openssl/ecdsa.h>
garciay's avatar
garciay committed

#include "loggers.hh"
namespace LibItsSecurity__Functions 
{

  // FIXME Unify code with security_services
  
garciay's avatar
garciay committed
  /**
   * \fn OCTETSTRING fx_hashWithSha256(const OCTETSTRING& p__toBeHashedData);
   * \brief Produces a 256-bit (32-byte) hash value
   * \param[in] p__toBeHashedData The data to be used to calculate the hash value
   * \return  The hash value
   */
garciay's avatar
garciay committed
  OCTETSTRING fx__hashWithSha256(
                                 const OCTETSTRING& p__toBeHashedData
                                 ) {
    sha256 hash;
garciay's avatar
garciay committed
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeHashedData), p__toBeHashedData.lengthof() + static_cast<const unsigned char *>(p__toBeHashedData));
garciay's avatar
garciay committed
    std::vector<unsigned char> hashData;
garciay's avatar
garciay committed
    hash.generate(tbh, hashData);
garciay's avatar
garciay committed
    return OCTETSTRING(hashData.size(), hashData.data());
  } // End of function fx__hashWithSha256

  /**
   * \fn OCTETSTRING fx_hashWithSha384(const OCTETSTRING& p__toBeHashedData);
   * \brief Produces a 384-bit (48-byte) hash value
   * \param[in] p__toBeHashedData Data to be used to calculate the hash value
   * \return The hash value
   */
garciay's avatar
garciay committed
  OCTETSTRING fx__hashWithSha384(
                                 const OCTETSTRING& p__toBeHashedData
                                 ) {
    sha384 hash;
garciay's avatar
garciay committed
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeHashedData), p__toBeHashedData.lengthof() + static_cast<const unsigned char *>(p__toBeHashedData));
garciay's avatar
garciay committed
    std::vector<unsigned char> hashData;
garciay's avatar
garciay committed
    hash.generate(tbh, hashData);
garciay's avatar
garciay committed
    return OCTETSTRING(hashData.size(), hashData.data());
  } // End of function fx__hashWithSha384

garciay's avatar
garciay committed
  /**
   * \fn OCTETSTRING fx__signWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);
   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
   * \param[in] p__toBeSignedSecuredMessage The data to be signed
   * \param[in] p__privateKey The private key
   * \return The signature value
   */
garciay's avatar
garciay committed
  OCTETSTRING fx__signWithEcdsaNistp256WithSha256(
                                                  const OCTETSTRING& p__toBeSignedSecuredMessage,
                                                  const OCTETSTRING& p__privateKey
garciay's avatar
garciay committed
                                                  ) {
garciay's avatar
garciay committed
    // Calculate the SHA256 of the data
garciay's avatar
garciay committed
    sha256 hash;
    std::vector<unsigned char> hashData;
    // TODO Create SHX interface and add generate method with std::vector
garciay's avatar
garciay committed
    std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
    hash.generate(tbs, hashData);
    // Calculate the signature
garciay's avatar
garciay committed
    std::vector<unsigned char> p_key(static_cast<const unsigned char *>(p__privateKey), static_cast<const unsigned char *>(p__privateKey) + p__privateKey.lengthof());
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::nist_p_256, p_key);
garciay's avatar
garciay committed
    std::vector<unsigned char> r_sig;
    std::vector<unsigned char> s_sig;
    if (k.sign(hashData, r_sig, s_sig) == 0) {
      OCTETSTRING os(r_sig.size(), r_sig.data());
      // loggers::get_instance().log_to_hexa("r_sig= ", os); 
      // loggers::get_instance().log_to_hexa("s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data()); 
      os += OCTETSTRING(s_sig.size(), s_sig.data());
      // loggers::get_instance().log_to_hexa("sig= ", os); 
garciay's avatar
garciay committed
      return os;
    }

    return OCTETSTRING();
  }
garciay's avatar
garciay committed
  /**
   * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);
   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
   * \param[in] p__toBeSignedSecuredMessage The data to be signed
   * \param[in] p__privateKey The private key
   * \return The signature value
   */
garciay's avatar
garciay committed
  OCTETSTRING fx__signWithEcdsaBrainpoolp256WithSha256(
                                                       const OCTETSTRING& p__toBeSignedSecuredMessage,
                                                       const OCTETSTRING& p__privateKey
garciay's avatar
garciay committed
                                                       ) {
garciay's avatar
garciay committed
    // Calculate the SHA256 of the data
    sha256 hash;
    std::vector<unsigned char> hashData;
    // TODO Create SHX interface and add generate method with std::vector
    std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
    hash.generate(tbs, hashData);
    // Calculate the signature
garciay's avatar
garciay committed
    std::vector<unsigned char> p_key(static_cast<const unsigned char *>(p__privateKey), static_cast<const unsigned char *>(p__privateKey) + p__privateKey.lengthof());
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, p_key);
garciay's avatar
garciay committed
    std::vector<unsigned char> r_sig;
    std::vector<unsigned char> s_sig;
    if (k.sign(hashData, r_sig, s_sig) == 0) {
      OCTETSTRING os(r_sig.size(), r_sig.data());
      // loggers::get_instance().log_to_hexa("r_sig= ", os); 
      // loggers::get_instance().log_to_hexa("s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data()); 
      os += OCTETSTRING(s_sig.size(), s_sig.data());
      // loggers::get_instance().log_to_hexa("sig= ", os); 
garciay's avatar
garciay committed
      return os;
    }

    return OCTETSTRING();
  }

  /**
   * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);
   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
   * \param[in] p__toBeSignedSecuredMessage The data to be signed
   * \param[in] p__privateKey The private key
   * \return The signature value
   */
garciay's avatar
garciay committed
  OCTETSTRING fx__signWithEcdsaBrainpoolp384WithSha384(
                                                       const OCTETSTRING& p__toBeSignedSecuredMessage,
                                                       const OCTETSTRING& p__privateKey
garciay's avatar
garciay committed
                                                       ) {
garciay's avatar
garciay committed
    // Calculate the SHA384 of the data
    sha384 hash;
    std::vector<unsigned char> hashData;
    // TODO Create SHX interface and add generate method with std::vector
    std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
    hash.generate(tbs, hashData);
    // Calculate the signature
garciay's avatar
garciay committed
    std::vector<unsigned char> p_key(static_cast<const unsigned char *>(p__privateKey), static_cast<const unsigned char *>(p__privateKey) + p__privateKey.lengthof());
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, p_key);
garciay's avatar
garciay committed
    std::vector<unsigned char> r_sig;
    std::vector<unsigned char> s_sig;
    if (k.sign(hashData, r_sig, s_sig) == 0) {
      OCTETSTRING os(r_sig.size(), r_sig.data());
      //loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: r_sig= ", os); 
      //loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data())); 
garciay's avatar
garciay committed
      os += OCTETSTRING(s_sig.size(), s_sig.data());
      //loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: sig= ", os); 
garciay's avatar
garciay committed
      return os;
    }

    return OCTETSTRING();
  }

garciay's avatar
garciay committed
  /**
   * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyX, const OCTETSTRING& p__ecdsaNistp256PublicKeyY);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaNistp256PublicKeyX The public key (x coordinate)
   * \param[in] p__ecdsaNistp256PublicKeyY The public key (y coordinate)
   * \return true on success, false otherwise
   */
garciay's avatar
garciay committed
  BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(
                                                const OCTETSTRING& p__toBeVerifiedData,
                                                const OCTETSTRING& p__signature,
                                                const OCTETSTRING& p__ecdsaNistp256PublicKeyX,
                                                const OCTETSTRING& p__ecdsaNistp256PublicKeyY
                                                ) {
garciay's avatar
garciay committed
    // Calculate the hash
garciay's avatar
garciay committed
    sha256 hash;
    std::vector<unsigned char> hashData;
    // TODO Create SHX interface and add generate method with std::vector
garciay's avatar
garciay committed
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
    hash.generate(tbh, hashData);
    // Check the signature
garciay's avatar
garciay committed
    std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
    std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof());
    std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof());
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y);
garciay's avatar
garciay committed
    if (k.sign_verif(hashData, signature) == 0) {
      return TRUE;
garciay's avatar
garciay committed
    return FALSE;
garciay's avatar
garciay committed
  }
garciay's avatar
garciay committed
  /**
   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaBrainpoolp256PublicKeyX The public key (x coordinate)
   * \param[in] p__ecdsaBrainpoolp256PublicKeyY The public key (y coordinate)
   * \return true on success, false otherwise
   */
garciay's avatar
garciay committed
  BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256(
                                                     const OCTETSTRING& p__toBeVerifiedData,
                                                     const OCTETSTRING& p__signature,
                                                     const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyX,
                                                     const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY
garciay's avatar
garciay committed
                                                     ) {
garciay's avatar
garciay committed
    // Calculate the hash
    sha256 hash;
    std::vector<unsigned char> hashData;
    // TODO Create SHX interface and add generate method with std::vector
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
    hash.generate(tbh, hashData);
    // Check the signature
garciay's avatar
garciay committed
    std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
    std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyX) + p__ecdsaBrainpoolp256PublicKeyX.lengthof());
    std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyY) + p__ecdsaBrainpoolp256PublicKeyY.lengthof());
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, pub_key_x, pub_key_y);
garciay's avatar
garciay committed
    if (k.sign_verif(hashData, signature) == 0) {
      return TRUE;
    }

    return FALSE;
  }

  /**
   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaBrainpoolp384PublicKeyX The public key (x coordinate)
   * \param[in] p__ecdsaBrainpoolp384PublicKeyY The public key (y coordinate)
   * \return true on success, false otherwise
   */
garciay's avatar
garciay committed
  BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384(
                                                     const OCTETSTRING& p__toBeVerifiedData,
                                                     const OCTETSTRING& p__signature,
                                                     const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyX,
                                                     const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY
garciay's avatar
garciay committed
                                                     ) {
garciay's avatar
garciay committed
    // Calculate the hash
    sha384 hash;
    std::vector<unsigned char> hashData;
    // TODO Create SHX interface and add generate method with std::vector
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
    hash.generate(tbh, hashData);
    // Check the signature
garciay's avatar
garciay committed
    std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
    std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyX), static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyX) + p__ecdsaBrainpoolp384PublicKeyX.lengthof());
    std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyY), static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyY) + p__ecdsaBrainpoolp384PublicKeyY.lengthof());
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, pub_key_x, pub_key_y);
garciay's avatar
garciay committed
    if (k.sign_verif(hashData, signature) == 0) {
      return TRUE;
    }

    return FALSE;
  }
  /**
   * \fn OCTETSTRING fx__test__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m);
   * \brief Generate a HMAC-SHA256 value based on the provided secret key
   * \param[in] p__k The secret key used for the HMAC calculation
   * \param[in] p__m The message
   * \return The HMAC value resized to 16-byte
   */
  OCTETSTRING fx__test__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) {
    loggers::get_instance().log(">>> fx__test__hmac__sha256");

    hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm
    std::vector<unsigned char> k(static_cast<const unsigned char *>(p__k), p__k.lengthof() + static_cast<const unsigned char *>(p__k));
    std::vector<unsigned char> m(static_cast<const unsigned char *>(p__m), p__m.lengthof() + static_cast<const unsigned char *>(p__m));
    std::vector<unsigned char> t;
    if (h.generate(m, k, t) == -1) {
      loggers::get_instance().warning("fx__test__hmac__sha256: Failed to generate HMAC");
      return OCTETSTRING();
    }

    OCTETSTRING os(t.size(), t.data());
    loggers::get_instance().log_to_hexa("fx__test__hmac__sha256: HMAC: ", os);

    return os;
  }

  /**
   * \fn OCTETSTRING fx__test__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt);
   * \brief Encrypt the message using AES 128 CCM algorithm
   * \param[in] p__k The symmetric encryption key
   * \param[in] p__n The initial vector, nonce vector
   * \param[in] p__pt The message to encrypt
   * \return The encrypted message concatenated to the AES 128 CCM tag
   */
  OCTETSTRING fx__test__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) {
    loggers::get_instance().log(">>> fx__test__encrypt__aes__128__ccm__test");
    
garciay's avatar
garciay committed
    security_ecc ec(ec_elliptic_curves::nist_p_256);
    std::vector<unsigned char> k(static_cast<const unsigned char *>(p__k), p__k.lengthof() + static_cast<const unsigned char *>(p__k));
    std::vector<unsigned char> n(static_cast<const unsigned char *>(p__n), p__n.lengthof() + static_cast<const unsigned char *>(p__n));
    std::vector<unsigned char> pt(static_cast<const unsigned char *>(p__pt), p__pt.lengthof() + static_cast<const unsigned char *>(p__pt));

garciay's avatar
garciay committed
    std::vector<unsigned char> enc_message;
    if (ec.encrypt(encryption_algotithm::aes_128_ccm, k, n, pt, enc_message) == -1) {
      loggers::get_instance().warning("fx__test__encrypt__aes__128__ccm__test: Failed to encrypt message");
garciay's avatar
garciay committed
      return OCTETSTRING();
    }
    OCTETSTRING os(enc_message.size(), enc_message.data());
    os = os + OCTETSTRING(ec.tag().size(), ec.tag().data());
    loggers::get_instance().log_to_hexa("fx__test__encrypt__aes__128__ccm__test: encrypted message: ", os);

    return os;
  }
  
   * \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct);
   * \brief Encrypt the message using AES 128 CCM algorithm
   * \param[in] p__k The symmetric encryption key
   * \param[in] p__n The initial vector, nonce vector
   * \param[in] p__ct The encrypted message concatenated to the AES 128 CCM tag
   * \return The original message
   */
  OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct) {
    loggers::get_instance().log(">>> fx__test__decrypt__aes__128__ccm__test");
    
    security_ecc ec(ec_elliptic_curves::nist_p_256);
    std::vector<unsigned char> k(static_cast<const unsigned char *>(p__k), p__k.lengthof() + static_cast<const unsigned char *>(p__k));
    std::vector<unsigned char> n(static_cast<const unsigned char *>(p__n), p__n.lengthof() + static_cast<const unsigned char *>(p__n));
    std::vector<unsigned char> ct(static_cast<const unsigned char *>(p__ct), p__ct.lengthof() + static_cast<const unsigned char *>(p__ct));
    // Extract the tag
    std::vector<unsigned char> tag(16, 0x00);
    std::copy(ct.end() - tag.size(), ct.end(), tag.begin());
    loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: tag: ", tag.data(), tag.size());
    // Remove the tag from the end of the encrypted message
    ct.resize(ct.size() - tag.size());
    
    std::vector<unsigned char> message;
    if (ec.decrypt(encryption_algotithm::aes_128_ccm, k, n, tag, ct, message) == -1) {
      loggers::get_instance().warning("fx__test__decrypt__aes__128__ccm__test: Failed to decrypt message");
      return OCTETSTRING();
    }
    OCTETSTRING os(message.size(), message.data());
    loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: decrypted message: ", os);
    
    return os;
  }
  
  /**
   * \fn OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyX, const OCTETSTRING& p__recipientsPublicKeyY, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce);
   * \brief Encrypt the message using ECIES algprithm to encrypt AES 128 CCM symmetric key, as defined in IEEE Std 1609.2-2017
   * \param[in] p__toBeEncryptedSecuredMessage The message to be encrypted
   * \param[in] p__recipientsPublicKeyX The public recipient's key X-coordinate
   * \param[in] p__recipientsPublicKeyV The public recipient's key Y-coordinate
   * \param[out] p__publicEphemeralKeyX The public ephemeral key X-coordinate
   * \param[out] p__publicEphemeralKeyY The public ephemeral key Y-coordinate
   * \param[out] p__encrypted__sym__key The encrypted AES 128 symmetric key
   * \param[out] p__authentication__vector The tag of the encrypted AES 128 symmetric key
   * \param[out] p__nonce The nonce vector
   * \return The original message
   * \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
   * \see https://www.nominet.uk/researchblog/how-elliptic-curve-cryptography-encryption-works/
   * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
   */
  // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
  OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyX, const OCTETSTRING& p__recipientsPublicKeyY, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
    loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
    loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyX: ", p__recipientsPublicKeyX);
    loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyY: ", p__recipientsPublicKeyY);
    
    // 1. Generate new Private/Public key
    security_ecc ec(ec_elliptic_curves::nist_p_256);
    if (ec.generate() == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
      return OCTETSTRING();
    }
    // 2. Generate and derive shared secret
    std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
    std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
      return OCTETSTRING();
    }
    // Set the encrypted symmetric key
    p__encrypted__sym__key = OCTETSTRING(ec.encrypted_symmetric_key().size(), ec.encrypted_symmetric_key().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key);
    // Set the tag of the symmetric key encryption
    p__authentication__vector = OCTETSTRING(ec.tag().size(), ec.tag().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
    // Set ephemeral public keys
    p__publicEphemeralKeyX = OCTETSTRING(ec.public_key_x().size(), ec.public_key_x().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Ephemeral public key X: ", p__publicEphemeralKeyX);
    p__publicEphemeralKeyY = OCTETSTRING(ec.public_key_y().size(), ec.public_key_y().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Ephemeral public key Y: ", p__publicEphemeralKeyY);
    // 3. Retrieve AES 128 parameters
    p__nonce = OCTETSTRING(ec.nonce().size(), ec.nonce().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
    OCTETSTRING enc_symm_key = OCTETSTRING(ec.symmetric_encryption_key().size(), ec.symmetric_encryption_key().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc_symm_key: ", enc_symm_key);
    // 4. Encrypt the data using AES-128 CCM
    std::vector<unsigned char> message(static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage), p__toBeEncryptedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage));
    std::vector<unsigned char> enc_message;
    if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), message, enc_message) == -1) {
garciay's avatar
garciay committed
      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to encrypt message");
      return OCTETSTRING();
garciay's avatar
garciay committed
    }
    enc_message.insert(enc_message.end(), std::make_move_iterator(ec.tag().begin()), std::make_move_iterator(ec.tag().end()));
    OCTETSTRING os(enc_message.size(), enc_message.data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc message||Tag: ", os);
    
  /**
   * \fn OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce);
   * \brief Decrypt the message using ECIES algprithm to decrypt AES 128 CCM symmetric key, as defined in IEEE Std 1609.2-2017
   * \param[in] p__encryptedSecuredMessage The encrypted message
   * \param[in] p__privateEncKey The private encryption key
   * \param[in] p__publicEphemeralKeyX The public ephemeral key X-coordinate
   * \param[in] p__publicEphemeralKeyY The public ephemeral key Y-coordinate
   * \param[in] p__encrypted__sym__key The encrypted AES 128 symmetric key
   * \param[in] p__authentication__vector The tag of the encrypted AES 128 symmetric key
   * \param[in] p__nonce The nonce vector
   * \return The original message
   * \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
   * \see https://www.nominet.uk/researchblog/how-elliptic-curve-cryptography-encryption-works/
   * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
   */
  // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
  OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) {
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__privateEncKey: ", p__privateEncKey);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyX: ", p__publicEphemeralKeyX);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyY: ", p__publicEphemeralKeyY);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
    // 1. Create security_ecc instance
    std::vector<unsigned char> private_enc_key(static_cast<const unsigned char*>(p__privateEncKey), p__privateEncKey.lengthof() + static_cast<const unsigned char*>(p__privateEncKey));
    security_ecc ec(ec_elliptic_curves::nist_p_256, private_enc_key);
    
    // 2. Generate the shared secret value based on recipient's public ephemeral keys will be required
    std::vector<unsigned char> ephemeral_public_key_x(static_cast<const unsigned char*>(p__publicEphemeralKeyX), p__publicEphemeralKeyX.lengthof() + static_cast<const unsigned char*>(p__publicEphemeralKeyX));
    std::vector<unsigned char> ephemeral_public_key_y(static_cast<const unsigned char*>(p__publicEphemeralKeyY), p__publicEphemeralKeyY.lengthof() + static_cast<const unsigned char*>(p__publicEphemeralKeyY));
    std::vector<unsigned char> enc_sym_key(static_cast<const unsigned char*>(p__encrypted__sym__key), p__encrypted__sym__key.lengthof() + static_cast<const unsigned char*>(p__encrypted__sym__key));
    std::vector<unsigned char> nonce(static_cast<const unsigned char*>(p__nonce), p__nonce.lengthof() + static_cast<const unsigned char*>(p__nonce));
    std::vector<unsigned char> authentication_vector(static_cast<const unsigned char*>(p__authentication__vector), p__authentication__vector.lengthof() + static_cast<const unsigned char*>(p__authentication__vector));
    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, private_enc_key, ephemeral_public_key_x, ephemeral_public_key_y, enc_sym_key, nonce, authentication_vector) == -1) {
      loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret");
      return OCTETSTRING();
    }
    // Decrypt the message
    std::vector<unsigned char> enc_message(static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
    loggers::get_instance().log_to_hexa("fx__decryptWithEciesNistp256WithSha256: enc_message: ", enc_message.data(), enc_message.size());
    std::vector<unsigned char> tag(p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
    loggers::get_instance().log_to_hexa("fx__decryptWithEciesNistp256WithSha256: tag: ", tag.data(), tag.size());
    std::vector<unsigned char> message;
    if (ec.decrypt(tag, enc_message, message) == -1) {
      loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret");
      return OCTETSTRING();
    }
    
    OCTETSTRING os(message.size(), message.data());
    loggers::get_instance().log_to_hexa("fx__decryptWithEciesNistp256WithSha256: dec message: ", os);
    
    return os;
  OCTETSTRING fx__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyX, const OCTETSTRING& p__recipientsPublicKeyY, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
    loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
    loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyX: ", p__recipientsPublicKeyX);
    loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyY: ", p__recipientsPublicKeyY);

    // 1. Generate new Private/Public key
    security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1);
    if (ec.generate() == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate ephemeral keys");
      return OCTETSTRING();
    }
    // 2. Generate and derive shared secret
    std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
    std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
      return OCTETSTRING();
    }
    // Set the encrypted symmetric key
    p__encrypted__sym__key = OCTETSTRING(ec.encrypted_symmetric_key().size(), ec.encrypted_symmetric_key().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key);
    // Set the tag of the symmetric key encryption
    p__authentication__vector = OCTETSTRING(ec.tag().size(), ec.tag().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
    // Set ephemeral public keys
    p__publicEphemeralKeyX = OCTETSTRING(ec.public_key_x().size(), ec.public_key_x().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: Ephemeral public key X: ", p__publicEphemeralKeyX);
    p__publicEphemeralKeyY = OCTETSTRING(ec.public_key_y().size(), ec.public_key_y().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: Ephemeral public key Y: ", p__publicEphemeralKeyY);
    // 3. Retrieve AES 128 parameters
    p__nonce = OCTETSTRING(ec.nonce().size(), ec.nonce().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
    OCTETSTRING enc_symm_key = OCTETSTRING(ec.symmetric_encryption_key().size(), ec.symmetric_encryption_key().data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: enc_symm_key: ", enc_symm_key);
    // 4. Encrypt the data using AES-128 CCM
    std::vector<unsigned char> message(static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage), p__toBeEncryptedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage));
    std::vector<unsigned char> enc_message;
    if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), message, enc_message) == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to encrypt message");
      return OCTETSTRING();
    }
    enc_message.insert(enc_message.end(), std::make_move_iterator(ec.tag().begin()), std::make_move_iterator(ec.tag().end()));
    OCTETSTRING os(enc_message.size(), enc_message.data());
    loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: enc message||Tag: ", os);

    return os;
  }

  OCTETSTRING fx__decryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) {
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__privateEncKey: ", p__privateEncKey);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__publicEphemeralKeyX: ", p__publicEphemeralKeyX);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__publicEphemeralKeyY: ", p__publicEphemeralKeyY);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
    loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);

    // 1. Create security_ecc instance
    std::vector<unsigned char> private_enc_key(static_cast<const unsigned char*>(p__privateEncKey), p__privateEncKey.lengthof() + static_cast<const unsigned char*>(p__privateEncKey));
    security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, private_enc_key);

    // 2. Generate the shared secret value based on recipient's public ephemeral keys will be required
    std::vector<unsigned char> ephemeral_public_key_x(static_cast<const unsigned char*>(p__publicEphemeralKeyX), p__publicEphemeralKeyX.lengthof() + static_cast<const unsigned char*>(p__publicEphemeralKeyX));
    std::vector<unsigned char> ephemeral_public_key_y(static_cast<const unsigned char*>(p__publicEphemeralKeyY), p__publicEphemeralKeyY.lengthof() + static_cast<const unsigned char*>(p__publicEphemeralKeyY));
    std::vector<unsigned char> enc_sym_key(static_cast<const unsigned char*>(p__encrypted__sym__key), p__encrypted__sym__key.lengthof() + static_cast<const unsigned char*>(p__encrypted__sym__key));
    std::vector<unsigned char> nonce(static_cast<const unsigned char*>(p__nonce), p__nonce.lengthof() + static_cast<const unsigned char*>(p__nonce));
    std::vector<unsigned char> authentication_vector(static_cast<const unsigned char*>(p__authentication__vector), p__authentication__vector.lengthof() + static_cast<const unsigned char*>(p__authentication__vector));
    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, private_enc_key, ephemeral_public_key_x, ephemeral_public_key_y, enc_sym_key, nonce, authentication_vector) == -1) {
      loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret");
      return OCTETSTRING();
    }

    // Decypt the message
    std::vector<unsigned char> enc_message(static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
    loggers::get_instance().log_to_hexa("fx__decryptWithEciesBrainpoolp256WithSha256: enc_message: ", enc_message.data(), enc_message.size());
    std::vector<unsigned char> tag(p__encryptedSecuredMessage.lengthof() - ec.tag().size() + static_cast<const unsigned char*>(p__encryptedSecuredMessage), p__encryptedSecuredMessage.lengthof() + static_cast<const unsigned char*>(p__encryptedSecuredMessage));
    loggers::get_instance().log_to_hexa("fx__decryptWithEciesBrainpoolp256WithSha256: tag: ", tag.data(), tag.size());
    std::vector<unsigned char> message;
    if (ec.decrypt(tag, enc_message, message) == -1) {
      loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret");
      return OCTETSTRING();
    }

    OCTETSTRING os(message.size(), message.data());
    loggers::get_instance().log_to_hexa("fx__decryptWithEciesBrainpoolp256WithSha256: dec message: ", os);

    return os;
  }

garciay's avatar
garciay committed
  /**
   * \brief    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
garciay's avatar
garciay committed
   *          This function should not be used by the ATS
   * \param   p_privateKey    The new private key value
   * \param   p_publicKeyX    The new public key value (x coordinate)
   * \param   p_publicKeyX    The new public key value (y coordinate)
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_generateKeyPair_nistp256(out octetstring<UInt64> p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
garciay's avatar
garciay committed
  */
garciay's avatar
garciay committed
  BOOLEAN fx__generateKeyPair__nistp256(
                                        OCTETSTRING& p__privateKey,
                                        OCTETSTRING& p__publicKeyX,
                                        OCTETSTRING& p__publicKeyY
garciay's avatar
garciay committed
                                        ) {
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::nist_p_256);
garciay's avatar
garciay committed
    if (k.generate() != 0) {
      p__privateKey = OCTETSTRING();
      p__publicKeyX = OCTETSTRING();
garciay's avatar
garciay committed
      p__publicKeyY = OCTETSTRING();
      return FALSE;
    }
garciay's avatar
garciay committed
    // Sanity checks
    if (k.private_key().size() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid private key size");
      return FALSE;
    }
    if (k.public_key_x().size() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key X-coordonate size");
      return FALSE;
    }
    if (k.public_key_y().size() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key Y-coordonate size");
      return FALSE;
    }
garciay's avatar
garciay committed
    p__privateKey = OCTETSTRING(k.private_key().size(), k.private_key().data());
    p__publicKeyX = OCTETSTRING(k.public_key_x().size(), k.public_key_x().data());
    p__publicKeyY = OCTETSTRING(k.public_key_y().size(), k.public_key_y().data());
    return TRUE;
  }

  /**
   * \brief    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
garciay's avatar
garciay committed
   *          This function should not be used by the ATS
   * \param   p_privateKey    The new private key value
   * \param   p_publicKeyX    The new public key value (x coordinate)
   * \param   p_publicKeyX    The new public key value (y coordinate)
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_generateKeyPair_nistp256(out octetstring<UInt64> p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
  */
  BOOLEAN fx__generateKeyPair__brainpoolp256(
                                             OCTETSTRING& p__privateKey,
                                             OCTETSTRING& p__publicKeyX,
                                             OCTETSTRING& p__publicKeyY
garciay's avatar
garciay committed
                                             ) {
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::brainpool_p_256_r1);
garciay's avatar
garciay committed
    if (k.generate() != 0) {
      p__privateKey = OCTETSTRING();
      p__publicKeyX = OCTETSTRING();
      p__publicKeyY = OCTETSTRING();
      return FALSE;
    }

garciay's avatar
garciay committed
    // Sanity checks
    if (k.private_key().size() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid private key size");
      return FALSE;
    }
    if (k.public_key_x().size() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key X-coordonate size");
      return FALSE;
    }
    if (k.public_key_y().size() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key Y-coordonate size");
      return FALSE;
    }
garciay's avatar
garciay committed
    p__privateKey = OCTETSTRING(k.private_key().size(), k.private_key().data());
    p__publicKeyX = OCTETSTRING(k.public_key_x().size(), k.public_key_x().data());
    p__publicKeyY = OCTETSTRING(k.public_key_y().size(), k.public_key_y().data());
    return TRUE;
  }

  /**
   * \brief    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
garciay's avatar
garciay committed
   *          This function should not be used by the ATS
   * \param   p_privateKey    The new private key value
   * \param   p_publicKeyX    The new public key value (x coordinate)
   * \param   p_publicKeyX    The new public key value (y coordinate)
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_generateKeyPair_nistp256(out octetstring<UInt64> p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
  */
  BOOLEAN fx__generateKeyPair__brainpoolp384(
                                             OCTETSTRING& p__privateKey,
                                             OCTETSTRING& p__publicKeyX,
                                             OCTETSTRING& p__publicKeyY
garciay's avatar
garciay committed
                                             ) {
garciay's avatar
garciay committed
    security_ecc k(ec_elliptic_curves::brainpool_p_384_r1);
garciay's avatar
garciay committed
    if (k.generate() != 0) {
      p__privateKey = OCTETSTRING();
      p__publicKeyX = OCTETSTRING();
garciay's avatar
garciay committed
      p__publicKeyY = OCTETSTRING();
      return FALSE;
    }

garciay's avatar
garciay committed
    // Sanity checks
    if (k.private_key().size() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid private key size");
      return FALSE;
    }
    if (k.public_key_x().size() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key X-coordonate size");
      return FALSE;
    }
    if (k.public_key_y().size() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key Y-coordonate size");
      return FALSE;
    }
garciay's avatar
garciay committed
    p__privateKey = OCTETSTRING(k.private_key().size(), k.private_key().data());
    p__publicKeyX = OCTETSTRING(k.public_key_x().size(), k.public_key_x().data());
    p__publicKeyY = OCTETSTRING(k.public_key_y().size(), k.public_key_y().data());
    return TRUE;
garciay's avatar
garciay committed

  //        group encryption

  //        group certificatesLoader

   * \brief    Load in memory cache the certificates available in the specified directory
   * \param   p_rootDirectory Root directory to access to the certificates identified by the certificate ID
   * \param   p_configId      A configuration identifier
garciay's avatar
garciay committed
   * @remark  This method SHALL be call before any usage of certificates
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
  */
  BOOLEAN fx__loadCertificates(
                               const CHARSTRING& p__rootDirectory,
                               const CHARSTRING& p__configId
                               ) {
    loggers::get_instance().log(">>> fx__loadCertificates: '%s', '%s'", static_cast<const char*>(p__rootDirectory), static_cast<const char*>(p__configId));

    std::string str(static_cast<const char*>(p__rootDirectory));
    if (p__configId.lengthof() != 0) {
      str += "/";
      str += std::string(static_cast<const char*>(p__configId));
    }
garciay's avatar
garciay committed
    Params params;
    params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), str));
garciay's avatar
garciay committed
    if (security_services::get_instance().setup(params) == -1) {
      return FALSE;
    }
    
garciay's avatar
garciay committed
    return TRUE;
  }

  BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y) {
    loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id));

    int result;
    if (!p__private__enc__key.is_omit()) {
      const OCTETSTRING private_enc_key = p__private__enc__key.valueof();
      const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof();
      const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof();
      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__hashid8, p__issuer, private_enc_key, public_enc_key_x, public_enc_key_y);
    } else {
      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__hashid8, p__issuer, OCTETSTRING(), OCTETSTRING(), OCTETSTRING());
    return (result == 0);
   * \brief    Unload from memory cache the certificates
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
  BOOLEAN fx__unloadCertificates(
garciay's avatar
garciay committed
    return TRUE;
  }

   * \brief    Read the specified certificate
   * \param   p_certificateId the certificate identifier
   * \param   p_certificate   the expected certificate
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
  BOOLEAN fx__readCertificate(
                              const CHARSTRING& p__certificateId,
                              OCTETSTRING& p__certificate
                              ) {
    loggers::get_instance().log(">>> fx__readCertificate: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_certificate(p__certificateId, p__certificate) == -1) {
      return FALSE;
    }
    
garciay's avatar
garciay committed
    return TRUE;
  }

  BOOLEAN fx__readCertificateFromDigest(
                                        const OCTETSTRING& p__digest,
                                        CHARSTRING& p__certificateId) {
    loggers::get_instance().log_msg(">>> fx__readCertificateFromDigest: ", p__digest);
garciay's avatar
garciay committed

    if (security_services::get_instance().read_certificate_from_digest(p__digest, p__certificateId) == -1) {
      return FALSE;
    }
    loggers::get_instance().log_msg("fx__readCertificateFromDigest: ", p__certificateId);
    
    return TRUE;
  }
  
   * \brief    Read the specified certificate digest
   * \param   p_certificateId the certificate identifier
   * \param   p_digest   the expected certificate
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
  BOOLEAN fx__readCertificateDigest(
                                    const CHARSTRING& p__certificateId,
                                    OCTETSTRING& p__digest
                                    ) {
    loggers::get_instance().log(">>> fx__readCertificateDigest: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_certificate_digest(p__certificateId, p__digest) == -1) {
      return FALSE;
    }
    
garciay's avatar
garciay committed
    return TRUE;
  }

   * \brief    Read the private keys for the specified certificate
   * \param   p_certificateId     the keys identifier
   * \param   p_signingPrivateKey the signing private key
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
  BOOLEAN fx__readSigningKey(
                             const CHARSTRING& p__certificateId,
garciay's avatar
garciay committed
                             OCTETSTRING& p__signingPrivateKey
                             ) {
    loggers::get_instance().log(">>> fx__readSigningKey: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_private_key(p__certificateId, p__signingPrivateKey) == -1) {
      return FALSE;
    }
    
garciay's avatar
garciay committed
    return TRUE;
  }

   * \brief    Read the private keys for the specified certificate
   * \param   p_keysId            the keys identifier
   * \param   p_encryptPrivateKey the encrypt private key
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_readEncryptingKey(in charstring p_keysId, out Oct32 p_encryptingPrivateKey) return boolean;
  */
  BOOLEAN fx__readEncryptingKey(
                                const CHARSTRING& p__certificateId,
garciay's avatar
garciay committed
                                OCTETSTRING& p__encryptingPrivateKey
                                ) {
    loggers::get_instance().log(">>> fx__readSigningKey: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_private_enc_key(p__certificateId, p__encryptingPrivateKey) == -1) {
      return FALSE;
    }

garciay's avatar
garciay committed
    return TRUE;
  }

  //        group geodesic 

  /*          * \brief    Check that given polygon doesn't have neither self-intersections nor holes.
   * \param   p_region   Polygonal Region
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isValidPolygonalRegion(in PolygonalRegion p_region) return boolean;
  */
  BOOLEAN fx__isValidPolygonalRegion(
                                     const IEEE1609dot2BaseTypes::PolygonalRegion& p__region
                                     ) {
    return TRUE;
  }

  /*          * \brief Check if a polygonal region is inside another one
   * \param p_parent  The main polygonal region
   * \param p_region  The polygonal region to be included
   * \return true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isPolygonalRegionInside(in PolygonalRegion p_parent, in PolygonalRegion p_region) return boolean;
  */
  BOOLEAN fx__isPolygonalRegionInside(
                                      const IEEE1609dot2BaseTypes::PolygonalRegion& p__parent,
                                      const IEEE1609dot2BaseTypes::PolygonalRegion& p__region
                                      ) {
    return TRUE;
  }

  /*          * \brief Check that the location is inside a circular region
   * \param p_region      The circular region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isLocationInsideCircularRegion(in CircularRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsideCircularRegion(
                                             const IEEE1609dot2BaseTypes::CircularRegion& p__region,
                                             const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                             ) {
    return TRUE;
  }

  /*          * \brief Check that the location is inside a rectangular region
   * \param p_region      The rectangular region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isLocationInsideRectangularRegion(in SequenceOfRectangularRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsideRectangularRegion(
                                                const IEEE1609dot2BaseTypes::SequenceOfRectangularRegion& p__region,
                                                const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                                ) {
    return TRUE;
  }

  /*          * \brief Check that the location is inside a polygonal region
   * \param p_region      The polygonal region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isLocationInsidePolygonalRegion(in PolygonalRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsidePolygonalRegion(
                                              const IEEE1609dot2BaseTypes::PolygonalRegion& p__region,
                                              const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                              ) {
    return TRUE;
  }


  /*          * \brief Check if the location is inside an identified region
   * \param p_region      The identified region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isLocationInsideIdentifiedRegion(in IdentifiedRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsideIdentifiedRegion(
                                               const IEEE1609dot2BaseTypes::IdentifiedRegion& p__region,
                                               const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                               ) {
    return TRUE;
  }

  /*          * \brief Check if the location is inside an undefined region
   * \param p_region      The identified region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_isLocationInsideOtherRegion(in octetstring p_region, in ThreeDLocation p_location) return boolean; 
  */
  BOOLEAN fx__isLocationInsideOtherRegion(
                                          const OCTETSTRING& p_region,
                                          const IEEE1609dot2BaseTypes::ThreeDLocation& p_location
                                          ) {
    return TRUE;
  } 

  /*           * \brief    Check that p_circular_region_1 circular region is included into p_circular_region_2 circular region
   * \param   p_circular_region_1    Circular region 1
   * \param   p_circular_region_2    Circular region 2
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_areCirclesInside(in CircularRegion p_circular_region_1, in CircularRegion p_circular_region_2) return boolean;
  */
  BOOLEAN fx__areCirclesInside(
                               const IEEE1609dot2BaseTypes::CircularRegion& p_circular_region_1,
                               const IEEE1609dot2BaseTypes::CircularRegion& p_circular_region_2
                               ) {
    return TRUE;
  }

  /*           * \brief    Check that p_rectanglar_region_1 rectangular region is included into p_rectanglar_region_2 rectangular region
   * \param   p_rectanglar_region_1    Rectangular region 1
   * \param   p_rectanglar_region_2    Rectangular region 2
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_areRectanglesInside(in SequenceOfRectangularRegion p_rectanglar_region_1, in SequenceOfRectangularRegion p_rectanglar_region_2) return boolean;
  */
  BOOLEAN fx__areRectanglesInside(
                                  const IEEE1609dot2BaseTypes::SequenceOfRectangularRegion& p_rectanglar_region_1,
                                  const IEEE1609dot2BaseTypes::SequenceOfRectangularRegion& p_rectanglar_region_2
                                  ) {
    return TRUE;
  }

  /*           * \brief    Check that p_polygonal_region_1 polygonal region is included into p_polygonal_region_2 polygonal region
   * \param   p_polygonal_region_1    Polygonal region 1
   * \param   p_polygonal_region_2    Polygonal region 2
   * \return  true on success, false otherwise
garciay's avatar
garciay committed
   fx_arePolygonsInside(in PolygonalRegion p_polygonal_region_1, in PolygonalRegion p_polygonal_region_2) return boolean;
  */
  BOOLEAN fx__arePolygonsInside(
                                const IEEE1609dot2BaseTypes::PolygonalRegion& p_polygonal_region_1,
                                const IEEE1609dot2BaseTypes::PolygonalRegion& p_polygonal_region_2
                                ) {
    return TRUE;
  }

  /**
   * \brief Convert a spacial coordinate from DMS to DMS
   * \param p_degrees The degrees (D)
   * \param p_minutes The minutes (M)
   * \param p_seconds The seconds (S)
   * \param p_latlon  The latitude/longitude: (N|S|E|W)
   * \return The decimal coordinate on success, 0.0, otherwise
garciay's avatar
garciay committed
   * @verdict Unchanged
   fx_dms2dd(in Int p_degrees, in Int p_minutes, in float p_seconds, in Oct1 p_latlon) return float;
  */
  FLOAT fx__dms2dd(
                   const INTEGER& p__degrees,
                   const INTEGER& p__minutes,
                   const FLOAT& p__seconds,
                   const OCTETSTRING& p__latlon
                   ) {
    return 0.0;
  }

} // end of namespace