Skip to content
GitLab
Commit 2731bdfd authored by garciay's avatar garciay
Browse files

Major bugs fixed in security_ecc, remove useless folders for STF525

parent 8584645f
Expand all Hide whitespace changes
Inline Side-by-side
ccsrc/Externals/LibItsSecurity_externals.cc
View file @ 2731bdfd
......@@ -547,6 +547,21 @@ namespace LibItsSecurity__Functions
return os;
}
OCTETSTRING fx__test__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) {
loggers::get_instance().log(">>> fx__test__encrypt__aes__128__gcm__test");
security_ecc ec(ec_elliptic_curves::nist_p_256);
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_gcm, p__k, p__n, p__pt, enc_message) == -1) {
loggers::get_instance().warning("fx__test__encrypt__aes__128__gcm__test: Failed to encrypt message");
return OCTETSTRING(0, nullptr);
}
OCTETSTRING os(enc_message + ec.tag());
loggers::get_instance().log_msg("fx__test__encrypt__aes__128__gcm__test: encrypted message: ", os);
return os;
}
/**
* \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct);
* \brief Encrypt the message using AES 128 CCM algorithm
......@@ -593,39 +608,39 @@ namespace LibItsSecurity__Functions
* \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
*/
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed", p__recipientsPublicKeyCompressed);
loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt", p__salt);
// 1. Generate new Private/Public key
// 1. Generate new Private/Public Ephemeral key
security_ecc ec(ec_elliptic_curves::nist_p_256);
if (ec.generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING(0, nullptr);
}
// 2. Generate and derive shared secret
// 2. Generate and derive shared secret based on recipient's private keys
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) {
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
// Set the encrypted symmetric key
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Symmetric encryption key: ", ec.symmetric_encryption_key());
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key);
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
p__authentication__vector = ec.tag();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
// Set ephemeral public keys
p__publicEphemeralKeyCompressed = ec.public_key_compressed();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed);
p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed mode: %d", p__ephemeralCompressedMode);
loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: p__ephemeralCompressedMode: %d", p__ephemeralCompressedMode);
// 3. Retrieve AES 128 parameters
p__nonce = ec.nonce();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
OCTETSTRING enc_symm_key = ec.symmetric_encryption_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: enc_symm_key: ", enc_symm_key);
// 4. Encrypt the data using AES-128 CCM
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
......@@ -637,7 +652,50 @@ namespace LibItsSecurity__Functions
return enc_message;
}
/**
* @desc Test function for ECIES NIST P-256 Encryption with SHA-256
* @remark For the purpose of testing, the content of p__toBeEncryptedSecuredMessage is the AES 128 symmetric key to be encrypted
*/
OCTETSTRING fx__test__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__privateEphemeralKey, const OCTETSTRING& p__recipientPublicKeyX, const OCTETSTRING& p__recipientPublicKeyY, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
// 1. Generate new ephemeral Private/Public keys
security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEphemeralKey);
p__publicEphemeralKeyX = ec.public_key_x();
p__publicEphemeralKeyY = ec.public_key_y();
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Vx=", p__publicEphemeralKeyX);
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Vy=", p__publicEphemeralKeyY);
// 2. Generate and derive shared secret
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientPublicKeyX, p__recipientPublicKeyY);
ec.symmetric_encryption_key(p__toBeEncryptedSecuredMessage);
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: ", ec.encrypted_symmetric_key());
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: symmetric_encryption_key: ", ec.symmetric_encryption_key());
// Set the encrypted symmetric key
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
p__authentication__vector = ec.tag();
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
// 3. Retrieve AES 128 parameters
p__nonce = ec.nonce();
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
// 4. Encrypt the data using AES-128 CCM
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to encrypt message");
return OCTETSTRING(0, nullptr);
}
enc_message += ec.tag();
loggers::get_instance().log_to_hexa("fx__test__encryptWithEciesNistp256WithSha256: enc message||Tag: ", enc_message);
return enc_message;
}
/**
* \fn OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce);
* \brief Decrypt the message using ECIES algorithm to decrypt AES 128 CCM symmetric key, as defined in IEEE Std 1609.2-2017
......@@ -654,7 +712,7 @@ namespace LibItsSecurity__Functions
* \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
*/
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) {
OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce, const OCTETSTRING& p__salt) {
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage);
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__privateEncKey: ", p__privateEncKey);
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed);
......@@ -662,13 +720,14 @@ namespace LibItsSecurity__Functions
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__salt", p__salt);
// 1. Create security_ecc instance
// 1. Create security_ecc instance based on recipient's private key
security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEncKey);
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
// 2. Generate the shared secret value based on recipient's public ephemeral keys will be required
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) {
// 2. Generate the shared secret value based on public ephemeral keys will be required
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector, p__salt) == -1) {
loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret");
return OCTETSTRING(0, nullptr);
}
......@@ -693,7 +752,7 @@ namespace LibItsSecurity__Functions
loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed);
loggers::get_instance().log(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
// 1. Generate new Private/Public key
// 1. Generate new ephemeral Private/Public keys
security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1);
if (ec.generate() == -1) {
loggers::get_instance().warning(": Failed to generate ephemeral keys");
......@@ -701,7 +760,7 @@ namespace LibItsSecurity__Functions
}
// 2. Generate and derive shared secret
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) {
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), OCTETSTRING(0, nullptr)) == -1) {
loggers::get_instance().warning(": Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
......@@ -742,12 +801,12 @@ namespace LibItsSecurity__Functions
loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
// 1. Create security_ecc instance
// 1. Create security_ecc instance based on public ephemeral keys
security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, p__privateEncKey);
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
// 2. Generate the shared secret value based on recipient's public ephemeral keys will be required
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) {
// 2. Generate the shared secret value based on public ephemeral keys will be required
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector, OCTETSTRING(0, nullptr)) == -1) {
loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret");
return OCTETSTRING(0, nullptr);
}
......
ccsrc/Protocols/Http/http_codec.cc
View file @ 2731bdfd
......@@ -399,10 +399,14 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody&
loggers::get_instance().log("http_codec::encode_body: Call '%s'", it->first.c_str());
_codecs["http_its"]->encode((Record_Type&)binary_body.ieee1609dot2__data(), p_encoding_buffer); // TODO Use params
// TODO Encode in hex string
#if !defined(GEMALTO_FIX)
// GEMALTO Encode in hex string
CHARSTRING buf = oct2str(p_encoding_buffer);
p_encoding_buffer = OCTETSTRING(buf.lengthof(), (const unsigned char*)(static_cast<const char*>(buf)));
loggers::get_instance().log_msg("http_codec::encode_body: Convert binary to string: ", p_encoding_buffer);
#endif
processed = true;
}
......@@ -472,6 +476,16 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod
OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos());
loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s);
#if !defined(GEMALTO_FIX)
// GEMALTO Encode in hex string
s = str2oct(CHARSTRING(s.lengthof(), (const char*)(static_cast<const unsigned char*>(s))));
loggers::get_instance().log_msg("http_codec::decode_body: Convert string to binary: ", s);
#endif
// Align the payload length with the specified Content-lenght value
loggers::get_instance().log("http_codec::decode_body: _dc.length=%d - body length=%d", _dc.length, s.lengthof());
OCTETSTRING body;
......
ccsrc/Protocols/Security/hmac.hh
View file @ 2731bdfd
......@@ -51,7 +51,7 @@ public:
* \param[out] p_hmac The HMAC value based of the provided data
* \return 0 on success, -1 otherwise
*/
int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac);
int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac); // TODO Use reference &
/*!
* \fn int generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac);
......
ccsrc/Protocols/Security/security_ecc.cc
View file @ 2731bdfd
This diff is collapsed.
ccsrc/Protocols/Security/security_ecc.hh
View file @ 2731bdfd
......@@ -128,7 +128,7 @@ public: //! \publicsection
/*!
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y);
* \brief Generate a shared secret key and derive it using KDF2 algorithm.
* This method shall be used by the sender. Fresh keys will be genrated for each cyphering operation
* This method shall be used for encryption, fresh keys will be genrated for each cyphering operation
* \param[in] p_enc_algorithm The encryption algorithm to be used
* \param[in] p_recipients_public_key_x The recipient public key X-coordinate
* \param[in] p_recipients_public_key_x The recipient public key Y-coordinate
......@@ -138,21 +138,20 @@ public: //! \publicsection
* \see encrypt methog to encrypt a message based of the generated symetric encryption key
* \return 0 on success, -1 otherwise
*/
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y);
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y, const OCTETSTRING& p_salt);
/*!
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y);
* \brief Generate a shared secret key and derive it using KDF2 algorithm.
* This method shall be used for decryption process
* \param[in] p_enc_algorithm The encryption algorithm to be used
* \param[in] p_private_enc_key The private encryption key associated to the public encryption key
* \param[in] p_ephemeral_public_key_x The recipient public key X-coordinate
* \param[in] p_ephemeral_public_key_x The recipient public key Y-coordinate
* \param[in] p_ephemeral_public_key_y The recipient public key Y-coordinate
* \remark To get the secret key, uses \see secret_key method
* \remark To get the decrypteded symmetric encryption key, uses \see symmetric_encryption_key method
* \return 0 on success, -1 otherwise
*/
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector);
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_recipients_compressed_key_x, const INTEGER& p_compressed_mode, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector);
int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector, const OCTETSTRING& p_salt);
/*!
* \fn int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message);
......@@ -217,6 +216,13 @@ public: //! \publicsection
inline const OCTETSTRING& encryption_key_y() const { return _enc_key_y; };
inline const OCTETSTRING& encrypted_symmetric_key() const { return _enc_sym_key; };
inline const OCTETSTRING& symmetric_encryption_key() const { return _sym_key; };
/*!
* \fn void symmetric_encryption_key(const OCTETSTRING& p_sym_key);
* \brief Set AES symmetric key value.
* To be used for test purpose only
* \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
*/
inline void symmetric_encryption_key(const OCTETSTRING& p_sym_key) { _sym_key = p_sym_key; };
inline const OCTETSTRING& nonce() const { return _nonce; };
inline const OCTETSTRING& tag() const { return _tag; };
......@@ -240,10 +246,6 @@ private: //! \privatesection
*/
int public_key_to_bin(OCTETSTRING& p_bin_key);
/*int multiply_point_with_bn(const EC_POINT &a, const BIGNUM* b, EC_POINT **P);
// R: XY-coordinate compressed, S: Share Secret
int derive_s_from_private_key(BIGNUM *S, BIGNUM *R);
// R: XY-coordinate compressed, S: Share Secret
int derive_s_from_public_key(BIGNUM *S, BIGNUM *R);*/
int kdf2(const OCTETSTRING& p_secret_key, const OCTETSTRING& p_salt, const unsigned char p_hash_algorithm, const int p_key_length, OCTETSTRING& p_digest);
int kdf2_sha256(const OCTETSTRING& p_secret_key, const OCTETSTRING& p_salt, const int p_key_length, OCTETSTRING& p_digest);
}; // End of class security_ecc
ccsrc/Protocols/Security/security_services.cc
View file @ 2731bdfd
......@@ -383,16 +383,16 @@ int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2:
}
// 3. Generate the shared secret value based on recipient's public ephemeral keys will be required
security_ecc ec(ec_elliptic_curves::nist_p_256, p_enc_key);
int result;
security_ecc ec(ec_elliptic_curves::nist_p_256, p_enc_key);
if (ecies->v().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
result = ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p_enc_key, ecies->v().uncompressedP256().x(), ecies->v().uncompressedP256().y(), ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t());
result = ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ecies->v().uncompressedP256().x(), ecies->v().uncompressedP256().y(), ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t(), OCTETSTRING(0, nullptr));
} else if (ecies->v().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
const INTEGER compressed_mode(0);
result = ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p_enc_key, ecies->v().compressed__y__0(), compressed_mode, ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t());
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, ecies->v().compressed__y__0(), ecc_compressed_mode::compressed_y_0);
result = ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t(), OCTETSTRING(0, nullptr));
} else if(ecies->v().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
const INTEGER compressed_mode(1);
result = ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p_enc_key, ecies->v().compressed__y__1(), compressed_mode, ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t());
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, ecies->v().compressed__y__1(), ecc_compressed_mode::compressed_y_1);
result = ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), ecies->c(), p_encrypted_data.ciphertext().aes128ccm().nonce(), ecies->t(), OCTETSTRING(0, nullptr));
} else {
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_encrypted_data: Failed to decode Decrypt Ieee1609Dot2Data-Encrypted");
return -1;
......@@ -592,7 +592,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
}
// 3. Generate and derive shared secret
if (_ec_keys_enc.get()->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, r_public_key_x, r_public_key_y) == -1) {
if (_ec_keys_enc.get()->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, r_public_key_x, r_public_key_y, OCTETSTRING(0, nullptr)) == -1) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate and derive secret key");
return -1;
}
......
docker/run-container.sh
View file @ 2731bdfd
......@@ -5,7 +5,7 @@
#set -e
set -vx
docker run -i --rm stf525_its:latest /bin/bash #-c "sudo etsi"
docker run -i --rm stf525_its:latest /bin/bash -c "cd /home/etsi/dev/etsi_its/src/TestCodec/objs && ../bin/run_all.bash"
# That's all Floks
exit 0
etc/TestCodec/TestCodec.cfg
View file @ 2731bdfd
......@@ -285,7 +285,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_SecuredFuntions.tc_sha384_1
#TestCodec_SecuredFuntions.tc_f_generate_key_pair_1
#TestCodec_SecuredFuntions.tc_f_generate_key_pair_2
TestCodec_SecuredFuntions.tc_f_generate_key_pair_3
#TestCodec_SecuredFuntions.tc_f_generate_key_pair_3
#TestCodec_SecuredFuntions.tc_f_signWithEcdsaNistp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_2
......@@ -327,12 +327,17 @@ TestCodec_SecuredFuntions.tc_f_generate_key_pair_3
#TestCodec_SecuredFuntions.tc_read_certificate_digest
#TestCodec_SecuredFuntions.tc_read_certificate_hash
# Encryption
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test3
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test3
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test4
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_1
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_2
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_3
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_4
#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
......
javasrc/CeCILL-C LICENSE.txt deleted 100644 → 0
View file @ 8584645f
This diff is collapsed.
javasrc/adapter/org/etsi/adapter/GnssSupportFactory.java deleted 100644 → 0
View file @ 8584645f
/**
* Factory for GNSS Support implementations.
* Implementations have to register to this factory.
*
*/
package org.etsi.adapter;
/**
* Factory for Test Execution Required implementations.
* Implementations have to register to this factory.
*/
public class GnssSupportFactory {
/**
* Registered IGnssSupport implementation
*/
private static IGnssSupport instance;
/**
* Gets the registered IGnssSupport implementation
* @return Instance of IGnssSupport implementation registered through setImpl() or null
* @see setImpl
*/
public static IGnssSupport getInstance() {
return instance;
}
/**
* Private constructor (Singleton pattern)
*/
private GnssSupportFactory() {
//empty
}
/**
* Sets the implementation instance to be returned by the factory
* @param impl Instance of the implementation to be registered
*/
public static void setImpl(IGnssSupport impl) {
instance = impl;
}
}
javasrc/adapter/org/etsi/adapter/IGnssSupport.java deleted 100644 → 0
View file @ 8584645f
/*
* ----------------------------------------------------------------------------
* (C) Copyright Testing Technologies, 2001-2015. All Rights Reserved.
*
* All copies of this program, whether in whole or in part, and whether
* modified or not, must display this and all other embedded copyright
* and ownership notices in full.
*
* See the file COPYRIGHT for details of redistribution and use.
*
* You should have received a copy of the COPYRIGHT file along with
* this file; if not, write to the Testing Technologies,
* Michaelkirchstr. 17/18, 10179 Berlin, Germany.
*
* TESTING TECHNOLOGIES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
* SOFTWARE. IN NO EVENT SHALL TESTING TECHNOLOGIES BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
* ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
* THIS SOFTWARE.
*
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
* EITHER EXPRESSED OR IMPLIED, INCLUDING ANY KIND OF IMPLIED OR
* EXPRESSED WARRANTY OF NON-INFRINGEMENT OR THE IMPLIED WARRANTIES
* OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* ----------------------------------------------------------------------------- */
/**
* GNSS support interface to be implemented by TE providers.
*/
package org.etsi.adapter;
import java.math.BigInteger;
import org.etsi.its.adapter.ports.AdapterPort;
import org.etsi.ttcn.tri.TriStatus;
/**
* Test Execution Required interface to be implemented by TE providers.
*/
public interface IGnssSupport {
/**
* Initialize the GNSS support.
* @return TRI_OK in case of success, false otherwise
*/
public TriStatus init();
/**
* Loads a scenario
* @param id of predefined scenario
* @return TRUE on success, FALSE otherwise
*/
public boolean loadScenario(int p_id);
/**
* Starts a loaded scenario
* @return TRUE on success, FALSE otherwise
*/
public boolean startScenario();
/**
* Stops a started scenario
* @return TRUE on success, FALSE otherwise
*/
public boolean stopScenario();
/**
* Signals when the requested distance was covered
* @param distance The requested distance in m.
* @return TRUE on success, FALSE otherwise
*/
public boolean awaitDistanceToCover(AdapterPort notifier, double distance);
/**
* Changes dynamically the speed in the running scenario
* @param The new speed value.
* @return TRUE on success, FALSE otherwise
*/
public boolean changeSpeed(double speed);
/**
* Changes dynamically the heading in the running scenario
* @param heading The new heading value.
* @return TRUE on success, FALSE otherwise
*/
public boolean changeHeading(double heading);
/**
* Gets the current GPS time
* @return the time
*/
public BigInteger getGpsTime();
/**
* Signals when the requested time in the running scenario is reached
* @param time The requested time in msec.
* @return TRUE on success, FALSE otherwise
*/
public boolean awaitTimeInRunningScenario(AdapterPort notifier, int time);
/**
* Dispose object
*/
public void dispose();
}
javasrc/adapter/org/etsi/adapter/ITERequired.java deleted 100644 → 0
View file @ 8584645f
/**
* Test Execution Required interface to be implemented by TE providers.
*
* @author ETSI / STF424
* @version $URL$
* $Id$
*
*/
package org.etsi.adapter;
import org.etsi.ttcn.tci.Value;
import org.etsi.ttcn.tri.TriAddress;
import org.etsi.ttcn.tri.TriCommunicationTE;
import org.etsi.ttcn.tri.TriMessage;
import org.etsi.ttcn.tri.TriStatus;
/**
* Test Execution Required interface to be implemented by TE providers.
*/
public interface ITERequired {
/**
* Gets TriCommunicationTE implementation
* @return TriCommunicationTE implementation
*/
TriCommunicationTE getCommunicationTE();
/**
* Creates TriStatus object corresponding to statusCode
* @param statusCode Status value
* @return TriStatus corresponding to statusCode
*/
TriStatus getTriStatus(int statusCode);
/**
* Creates TriStatus object corresponding to statusCode (non TRI-standard)
* @param statusCode Status value
* @param message Informational message (Error cause, ...)
* @return TriStatus corresponding to statusCode
*/
TriStatus getTriStatus(int statusCode, String message);
/**
* Gets TriAddress
* @param message
* @return TriAddress
*/
TriAddress getTriAddress(byte[] message);
/**
* Gets TriMessage
* @param message
* @return TriMessage
*/
TriMessage getTriMessage(byte[] message);
/**
* Gets Test Adapter configuration parameter (non TRI-standard)
* @param param Name of the configuration parameter
* @return Value associated to the TA parameter