Bug fixed in fx__encryptWithEcies<xxx>

03e73473 · garciay · 7796b387 · 03e73473 · 03e73473 · 03e73473
Commit 03e73473 authored Aug 13, 2018 by garciay
--- a/ccsrc/Externals/LibItsSecurity_externals.cc
+++ b/ccsrc/Externals/LibItsSecurity_externals.cc
@@ -676,7 +676,7 @@ namespace LibItsSecurity__Functions
    // Decrypt the message
    OCTETSTRING enc_message(p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage)); // Extract the encrypted message
    loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: enc_message: ", enc_message); // Extract the ctag value
-    OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(enc_message) + p__encryptedSecuredMessage.lengthof());
+    OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage) + p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof());
    loggers::get_instance().log_msg("fx__decryptWithEciesNistp256WithSha256: tag: ", tag);
    OCTETSTRING message;
    if (ec.decrypt(tag, enc_message, message) == -1) {
@@ -755,7 +755,7 @@ namespace LibItsSecurity__Functions
    // Decrypt the message
    OCTETSTRING enc_message(p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage)); // Extract the encrypted message
    loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: enc_message: ", enc_message); // Extract the ctag value
-    OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(enc_message) + p__encryptedSecuredMessage.lengthof());
+    OCTETSTRING tag(ec.tag().lengthof(), static_cast<const unsigned char*>(p__encryptedSecuredMessage) + p__encryptedSecuredMessage.lengthof() - ec.tag().lengthof());
    loggers::get_instance().log_msg("fx__decryptWithEciesBrainpoolp256WithSha256: tag: ", tag);
    OCTETSTRING message;
    if (ec.decrypt(tag, enc_message, message) == -1) {

--- a/ccsrc/Protocols/Security/security_ecc.cc
+++ b/ccsrc/Protocols/Security/security_ecc.cc
@@ -497,19 +497,12 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
  loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Generated nonce: ", nonce);
  OCTETSTRING sym_key(sym_key_length, nonce.lengthof() + static_cast<const unsigned char*>(digest));
  loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): sym_key: ", sym_key);
-  OCTETSTRING tag(tag_length, nonce.lengthof() + sym_key.lengthof() + tag.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
+  OCTETSTRING tag(tag_length, nonce.lengthof() + sym_key.lengthof() + static_cast<const unsigned char*>(digest)); // TODO Useless???
  loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): tag: ", tag);
  // Extract the HMAC key
  OCTETSTRING hmac_secret(k_length + k_length, nonce_length + sym_key_length + tag_length + static_cast<const unsigned char*>(digest));
  loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): hmac_secret: ", hmac_secret);
  
-  // Encrypt the _sym_key
-  if (encrypt(encryption_algotithm::aes_128_ccm, _sym_key, _nonce, _sym_key, _enc_sym_key) == -1) {
-    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to encrypt key");
-    return -1;
-  }
-  loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (2): Encrypted symmetric key: ", encrypted_symmetric_key());
-
  // Check if nonce vectors are valid
  if (_nonce != nonce) {
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key (2): Failed to derive nonce vector");
@@ -825,6 +818,7 @@ int security_ecc::bin_to_ec_point(const OCTETSTRING& p_public_key_x, const OCTET
  pubk_bn = ::BN_bin2bn(static_cast<const unsigned char*>(v), v.lengthof(), nullptr);
  *p_ec_point = ::EC_POINT_new(_ec_group);
  ::EC_POINT_bn2point(_ec_group, pubk_bn, *p_ec_point, _bn_ctx);
+  ::BN_clear_free(pubk_bn);

  // BIO            *bio_out  = nullptr; /* stdout */
  // bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);

--- a/etc/TestCodec/TestCodec.cfg
+++ b/etc/TestCodec/TestCodec.cfg
@@ -285,7 +285,7 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
 #TestCodec_SecuredFuntions.tc_f_signWithEcdsaBrainpoolp384WithSha384_1
 #TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_1
 #TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_2
-TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
+#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
 #TestCodec_SecuredFuntions.tc_load_certificates
 #TestCodec_SecuredFuntions.tc_read_certificate_1
 #TestCodec_SecuredFuntions.tc_read_certificate_2
@@ -319,11 +319,10 @@ TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall
 #TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
 #TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
 #TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
-#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
-#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
-#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
+TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
+TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
+TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
-#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
 # Pki
 #TestCodec_Pki.tc_inner_ec_request_1
 #TestCodec_Pki.tc_inner_ec_request_2