Commit 03e73473 authored Aug 13, 2018 by garciay

Bug fixed in fx__encryptWithEcies<xxx>

parent 7796b387

ccsrc/Externals/LibItsSecurity_externals.cc

+2 −2

Original line number	Diff line number	Diff line
		@@ -676,7 +676,7 @@ namespace LibItsSecurity__Functions
		// Decrypt the message
		OCTETSTRING enc_message(p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage)); // Extract the encrypted message
		loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: enc_message: ", enc_message); // Extract the ctag value
		OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(enc_message) + p__encryptedSecuredMessage.lengthof());
		OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage) + p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof());
		loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: tag: ", tag);
		OCTETSTRING message;
		if (ec.decrypt(tag, enc_message, message) == -1) {
		@@ -755,7 +755,7 @@ namespace LibItsSecurity__Functions
		// Decrypt the message
		OCTETSTRING enc_message(p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage)); // Extract the encrypted message
		loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: enc_message: ", enc_message); // Extract the ctag value
		OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(enc_message) + p__encryptedSecuredMessage.lengthof());
		OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage) + p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof());
		loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: tag: ", tag);
		OCTETSTRING message;
		if (ec.decrypt(tag, enc_message, message) == -1) {

ccsrc/Protocols/Security/security_ecc.cc

+2 −8

Original line number	Diff line number	Diff line
		@@ -497,19 +497,12 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
		loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Generated nonce: ", nonce);
		OCTETSTRING sym_key(sym_key_length, nonce.lengthof() + static_cast<const unsigned char*>(digest));
		loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): sym_key: ", sym_key);
		OCTETSTRING tag(tag_length, nonce.lengthof() + sym_key.lengthof() + tag.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
		OCTETSTRING tag(tag_length, nonce.lengthof() + sym_key.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
		loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): tag: ", tag);
		// Extract the HMAC key
		OCTETSTRING hmac_secret(k_length + k_length, nonce_length + sym_key_length + tag_length + static_cast<const unsigned char*>(digest));
		loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): hmac_secret: ", hmac_secret);

		// Encrypt the _sym_key
		if (encrypt(encryption_algotithm::aes_128_ccm, _sym_key, _nonce, _sym_key, _enc_sym_key) == -1) {
		loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to encrypt key");
		return -1;
		}
		loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Encrypted symmetric key: ", encrypted_symmetric_key());

		// Check if nonce vectors are valid
		if (_nonce != nonce) {
		loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to derive nonce vector");
		@@ -825,6 +818,7 @@ int security_ecc::bin_to_ec_point(const OCTETSTRING& p_public_key_x, const OCTET
		pubk_bn = ::BN_bin2bn(static_cast<const unsigned char*>(v), v.lengthof(), nullptr);
		*p_ec_point = ::EC_POINT_new(_ec_group);
		::EC_POINT_bn2point(_ec_group, pubk_bn, *p_ec_point, _bn_ctx);
		::BN_clear_free(pubk_bn);

		// BIO bio_out = nullptr; / stdout */
		// bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);

etc/TestCodec/TestCodec.cfg

+4 −5

Original line number	Diff line number	Diff line
		@@ -285,7 +285,7 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
		#TestCodec_SecuredFuntions.tc_f_signWithEcdsaBrainpoolp384WithSha384_1
		#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_1
		#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_2
		TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
		#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
		#TestCodec_SecuredFuntions.tc_load_certificates
		#TestCodec_SecuredFuntions.tc_read_certificate_1
		#TestCodec_SecuredFuntions.tc_read_certificate_2
		@@ -319,11 +319,10 @@ TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall
		#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
		#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
		#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
		#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
		#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
		#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
		TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
		TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
		TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
		#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
		#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
		# Pki
		#TestCodec_Pki.tc_inner_ec_request_1
		#TestCodec_Pki.tc_inner_ec_request_2