Loading ccsrc/Externals/LibItsSecurity_externals.cc +78 −19 Original line number Diff line number Diff line Loading @@ -547,6 +547,21 @@ namespace LibItsSecurity__Functions return os; } OCTETSTRING fx__test__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__test__encrypt__aes__128__gcm__test"); security_ecc ec(ec_elliptic_curves::nist_p_256); OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_gcm, p__k, p__n, p__pt, enc_message) == -1) { loggers::get_instance().warning("fx__test__encrypt__aes__128__gcm__test: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } OCTETSTRING os(enc_message + ec.tag()); loggers::get_instance().log_msg("fx__test__encrypt__aes__128__gcm__test: encrypted message: ", os); return os; } /** * \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct); * \brief Encrypt the message using AES 128 CCM algorithm Loading Loading @@ -593,39 +608,39 @@ namespace LibItsSecurity__Functions * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf */ // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) { OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) { loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed", p__recipientsPublicKeyCompressed); loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode)); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt", p__salt); // 1. Generate new Private/Public key // 1. Generate new Private/Public Ephemeral key security_ecc ec(ec_elliptic_curves::nist_p_256); if (ec.generate() == -1) { loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys"); return OCTETSTRING(0, nullptr); } // 2. Generate and derive shared secret // 2. Generate and derive shared secret based on recipient's private keys security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) { if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) { loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"); return OCTETSTRING(0, nullptr); } // Set the encrypted symmetric key loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Symmetric encryption key: ", ec.symmetric_encryption_key()); p__encrypted__sym__key = ec.encrypted_symmetric_key(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); // Set the tag of the symmetric key encryption p__authentication__vector = ec.tag(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector); // Set ephemeral public keys p__publicEphemeralKeyCompressed = ec.public_key_compressed(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed); p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1; loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed mode: %d", p__ephemeralCompressedMode); loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: p__ephemeralCompressedMode: %d", p__ephemeralCompressedMode); // 3. Retrieve AES 128 parameters p__nonce = ec.nonce(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce); OCTETSTRING enc_symm_key = ec.symmetric_encryption_key(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: enc_symm_key: ", enc_symm_key); // 4. Encrypt the data using AES-128 CCM OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) { Loading @@ -638,6 +653,49 @@ namespace LibItsSecurity__Functions return enc_message; } /** * @desc Test function for ECIES NIST P-256 Encryption with SHA-256 * @remark For the purpose of testing, the content of p__toBeEncryptedSecuredMessage is the AES 128 symmetric key to be encrypted */ OCTETSTRING fx__test__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__privateEphemeralKey, const OCTETSTRING& p__recipientPublicKeyX, const OCTETSTRING& p__recipientPublicKeyY, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) { // 1. Generate new ephemeral Private/Public keys security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEphemeralKey); p__publicEphemeralKeyX = ec.public_key_x(); p__publicEphemeralKeyY = ec.public_key_y(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Vx=", p__publicEphemeralKeyX); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Vy=", p__publicEphemeralKeyY); // 2. Generate and derive shared secret security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientPublicKeyX, p__recipientPublicKeyY); ec.symmetric_encryption_key(p__toBeEncryptedSecuredMessage); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: ", ec.encrypted_symmetric_key()); if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) { loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"); return OCTETSTRING(0, nullptr); } loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: symmetric_encryption_key: ", ec.symmetric_encryption_key()); // Set the encrypted symmetric key p__encrypted__sym__key = ec.encrypted_symmetric_key(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); // Set the tag of the symmetric key encryption p__authentication__vector = ec.tag(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector); // 3. Retrieve AES 128 parameters p__nonce = ec.nonce(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce); // 4. Encrypt the data using AES-128 CCM OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) { loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } enc_message += ec.tag(); loggers::get_instance().log_to_hexa("fx__test__encryptWithEciesNistp256WithSha256: enc message||Tag: ", enc_message); return enc_message; } /** * \fn OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce); * \brief Decrypt the message using ECIES algorithm to decrypt AES 128 CCM symmetric key, as defined in IEEE Std 1609.2-2017 Loading @@ -654,7 +712,7 @@ namespace LibItsSecurity__Functions * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf */ // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) { OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce, const OCTETSTRING& p__salt) { loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__privateEncKey: ", p__privateEncKey); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed); Loading @@ -662,13 +720,14 @@ namespace LibItsSecurity__Functions loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__salt", p__salt); // 1. Create security_ecc instance // 1. Create security_ecc instance based on recipient's private key security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEncKey); security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); // 2. Generate the shared secret value based on recipient's public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) { // 2. Generate the shared secret value based on public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector, p__salt) == -1) { loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret"); return OCTETSTRING(0, nullptr); } Loading @@ -693,7 +752,7 @@ namespace LibItsSecurity__Functions loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed); loggers::get_instance().log(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode)); // 1. Generate new Private/Public key // 1. Generate new ephemeral Private/Public keys security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1); if (ec.generate() == -1) { loggers::get_instance().warning(": Failed to generate ephemeral keys"); Loading @@ -701,7 +760,7 @@ namespace LibItsSecurity__Functions } // 2. Generate and derive shared secret security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) { if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), OCTETSTRING(0, nullptr)) == -1) { loggers::get_instance().warning(": Failed to generate and derive secret key"); return OCTETSTRING(0, nullptr); } Loading Loading @@ -742,12 +801,12 @@ namespace LibItsSecurity__Functions loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector); loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); // 1. Create security_ecc instance // 1. Create security_ecc instance based on public ephemeral keys security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, p__privateEncKey); security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); // 2. Generate the shared secret value based on recipient's public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) { // 2. Generate the shared secret value based on public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector, OCTETSTRING(0, nullptr)) == -1) { loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret"); return OCTETSTRING(0, nullptr); } Loading ccsrc/Protocols/Http/http_codec.cc +15 −1 Original line number Diff line number Diff line Loading @@ -399,10 +399,14 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody& loggers::get_instance().log("http_codec::encode_body: Call '%s'", it->first.c_str()); _codecs["http_its"]->encode((Record_Type&)binary_body.ieee1609dot2__data(), p_encoding_buffer); // TODO Use params // TODO Encode in hex string #if !defined(GEMALTO_FIX) // GEMALTO Encode in hex string CHARSTRING buf = oct2str(p_encoding_buffer); p_encoding_buffer = OCTETSTRING(buf.lengthof(), (const unsigned char*)(static_cast<const char*>(buf))); loggers::get_instance().log_msg("http_codec::encode_body: Convert binary to string: ", p_encoding_buffer); #endif processed = true; } Loading Loading @@ -472,6 +476,16 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos()); loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s); #if !defined(GEMALTO_FIX) // GEMALTO Encode in hex string s = str2oct(CHARSTRING(s.lengthof(), (const char*)(static_cast<const unsigned char*>(s)))); loggers::get_instance().log_msg("http_codec::decode_body: Convert string to binary: ", s); #endif // Align the payload length with the specified Content-lenght value loggers::get_instance().log("http_codec::decode_body: _dc.length=%d - body length=%d", _dc.length, s.lengthof()); OCTETSTRING body; Loading ccsrc/Protocols/Security/hmac.hh +1 −1 Original line number Diff line number Diff line Loading @@ -51,7 +51,7 @@ public: * \param[out] p_hmac The HMAC value based of the provided data * \return 0 on success, -1 otherwise */ int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac); int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac); // TODO Use reference & /*! * \fn int generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac); Loading ccsrc/Protocols/Security/security_ecc.cc +167 −75 File changed.Preview size limit exceeded, changes collapsed. Show changes ccsrc/Protocols/Security/security_ecc.hh +14 −12 Original line number Diff line number Diff line Loading @@ -128,7 +128,7 @@ public: //! \publicsection /*! * \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y); * \brief Generate a shared secret key and derive it using KDF2 algorithm. * This method shall be used by the sender. Fresh keys will be genrated for each cyphering operation * This method shall be used for encryption, fresh keys will be genrated for each cyphering operation * \param[in] p_enc_algorithm The encryption algorithm to be used * \param[in] p_recipients_public_key_x The recipient public key X-coordinate * \param[in] p_recipients_public_key_x The recipient public key Y-coordinate Loading @@ -138,21 +138,20 @@ public: //! \publicsection * \see encrypt methog to encrypt a message based of the generated symetric encryption key * \return 0 on success, -1 otherwise */ int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y); int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y, const OCTETSTRING& p_salt); /*! * \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y); * \brief Generate a shared secret key and derive it using KDF2 algorithm. * This method shall be used for decryption process * \param[in] p_enc_algorithm The encryption algorithm to be used * \param[in] p_private_enc_key The private encryption key associated to the public encryption key * \param[in] p_ephemeral_public_key_x The recipient public key X-coordinate * \param[in] p_ephemeral_public_key_x The recipient public key Y-coordinate * \param[in] p_ephemeral_public_key_y The recipient public key Y-coordinate * \remark To get the secret key, uses \see secret_key method * \remark To get the decrypteded symmetric encryption key, uses \see symmetric_encryption_key method * \return 0 on success, -1 otherwise */ int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector); int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_recipients_compressed_key_x, const INTEGER& p_compressed_mode, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector); int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector, const OCTETSTRING& p_salt); /*! * \fn int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message); Loading Loading @@ -217,6 +216,13 @@ public: //! \publicsection inline const OCTETSTRING& encryption_key_y() const { return _enc_key_y; }; inline const OCTETSTRING& encrypted_symmetric_key() const { return _enc_sym_key; }; inline const OCTETSTRING& symmetric_encryption_key() const { return _sym_key; }; /*! * \fn void symmetric_encryption_key(const OCTETSTRING& p_sym_key); * \brief Set AES symmetric key value. * To be used for test purpose only * \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES */ inline void symmetric_encryption_key(const OCTETSTRING& p_sym_key) { _sym_key = p_sym_key; }; inline const OCTETSTRING& nonce() const { return _nonce; }; inline const OCTETSTRING& tag() const { return _tag; }; Loading @@ -240,10 +246,6 @@ private: //! \privatesection */ int public_key_to_bin(OCTETSTRING& p_bin_key); /*int multiply_point_with_bn(const EC_POINT &a, const BIGNUM* b, EC_POINT **P); // R: XY-coordinate compressed, S: Share Secret int derive_s_from_private_key(BIGNUM *S, BIGNUM *R); // R: XY-coordinate compressed, S: Share Secret int derive_s_from_public_key(BIGNUM *S, BIGNUM *R);*/ int kdf2(const OCTETSTRING& p_secret_key, const OCTETSTRING& p_salt, const unsigned char p_hash_algorithm, const int p_key_length, OCTETSTRING& p_digest); int kdf2_sha256(const OCTETSTRING& p_secret_key, const OCTETSTRING& p_salt, const int p_key_length, OCTETSTRING& p_digest); }; // End of class security_ecc Loading
ccsrc/Externals/LibItsSecurity_externals.cc +78 −19 Original line number Diff line number Diff line Loading @@ -547,6 +547,21 @@ namespace LibItsSecurity__Functions return os; } OCTETSTRING fx__test__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__test__encrypt__aes__128__gcm__test"); security_ecc ec(ec_elliptic_curves::nist_p_256); OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_gcm, p__k, p__n, p__pt, enc_message) == -1) { loggers::get_instance().warning("fx__test__encrypt__aes__128__gcm__test: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } OCTETSTRING os(enc_message + ec.tag()); loggers::get_instance().log_msg("fx__test__encrypt__aes__128__gcm__test: encrypted message: ", os); return os; } /** * \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct); * \brief Encrypt the message using AES 128 CCM algorithm Loading Loading @@ -593,39 +608,39 @@ namespace LibItsSecurity__Functions * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf */ // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) { OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) { loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed", p__recipientsPublicKeyCompressed); loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode)); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt", p__salt); // 1. Generate new Private/Public key // 1. Generate new Private/Public Ephemeral key security_ecc ec(ec_elliptic_curves::nist_p_256); if (ec.generate() == -1) { loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys"); return OCTETSTRING(0, nullptr); } // 2. Generate and derive shared secret // 2. Generate and derive shared secret based on recipient's private keys security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) { if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) { loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"); return OCTETSTRING(0, nullptr); } // Set the encrypted symmetric key loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Symmetric encryption key: ", ec.symmetric_encryption_key()); p__encrypted__sym__key = ec.encrypted_symmetric_key(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", p__encrypted__sym__key); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); // Set the tag of the symmetric key encryption p__authentication__vector = ec.tag(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector); // Set ephemeral public keys p__publicEphemeralKeyCompressed = ec.public_key_compressed(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed); p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1; loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed mode: %d", p__ephemeralCompressedMode); loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: p__ephemeralCompressedMode: %d", p__ephemeralCompressedMode); // 3. Retrieve AES 128 parameters p__nonce = ec.nonce(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce); OCTETSTRING enc_symm_key = ec.symmetric_encryption_key(); loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: enc_symm_key: ", enc_symm_key); // 4. Encrypt the data using AES-128 CCM OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) { Loading @@ -638,6 +653,49 @@ namespace LibItsSecurity__Functions return enc_message; } /** * @desc Test function for ECIES NIST P-256 Encryption with SHA-256 * @remark For the purpose of testing, the content of p__toBeEncryptedSecuredMessage is the AES 128 symmetric key to be encrypted */ OCTETSTRING fx__test__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__privateEphemeralKey, const OCTETSTRING& p__recipientPublicKeyX, const OCTETSTRING& p__recipientPublicKeyY, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) { // 1. Generate new ephemeral Private/Public keys security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEphemeralKey); p__publicEphemeralKeyX = ec.public_key_x(); p__publicEphemeralKeyY = ec.public_key_y(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Vx=", p__publicEphemeralKeyX); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Vy=", p__publicEphemeralKeyY); // 2. Generate and derive shared secret security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientPublicKeyX, p__recipientPublicKeyY); ec.symmetric_encryption_key(p__toBeEncryptedSecuredMessage); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: ", ec.encrypted_symmetric_key()); if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) { loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"); return OCTETSTRING(0, nullptr); } loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: symmetric_encryption_key: ", ec.symmetric_encryption_key()); // Set the encrypted symmetric key p__encrypted__sym__key = ec.encrypted_symmetric_key(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); // Set the tag of the symmetric key encryption p__authentication__vector = ec.tag(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector); // 3. Retrieve AES 128 parameters p__nonce = ec.nonce(); loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce); // 4. Encrypt the data using AES-128 CCM OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) { loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } enc_message += ec.tag(); loggers::get_instance().log_to_hexa("fx__test__encryptWithEciesNistp256WithSha256: enc message||Tag: ", enc_message); return enc_message; } /** * \fn OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce); * \brief Decrypt the message using ECIES algorithm to decrypt AES 128 CCM symmetric key, as defined in IEEE Std 1609.2-2017 Loading @@ -654,7 +712,7 @@ namespace LibItsSecurity__Functions * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf */ // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce) { OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyCompressed, const INTEGER& p__ephemeralCompressedMode, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce, const OCTETSTRING& p__salt) { loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__encryptedSecuredMessage); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__privateEncKey: ", p__privateEncKey); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed); Loading @@ -662,13 +720,14 @@ namespace LibItsSecurity__Functions loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); loggers::get_instance().log_msg(">>> fx__decryptWithEciesNistp256WithSha256: p__salt", p__salt); // 1. Create security_ecc instance // 1. Create security_ecc instance based on recipient's private key security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEncKey); security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); // 2. Generate the shared secret value based on recipient's public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) { // 2. Generate the shared secret value based on public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector, p__salt) == -1) { loggers::get_instance().warning("fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret"); return OCTETSTRING(0, nullptr); } Loading @@ -693,7 +752,7 @@ namespace LibItsSecurity__Functions loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed); loggers::get_instance().log(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode)); // 1. Generate new Private/Public key // 1. Generate new ephemeral Private/Public keys security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1); if (ec.generate() == -1) { loggers::get_instance().warning(": Failed to generate ephemeral keys"); Loading @@ -701,7 +760,7 @@ namespace LibItsSecurity__Functions } // 2. Generate and derive shared secret security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y()) == -1) { if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), OCTETSTRING(0, nullptr)) == -1) { loggers::get_instance().warning(": Failed to generate and derive secret key"); return OCTETSTRING(0, nullptr); } Loading Loading @@ -742,12 +801,12 @@ namespace LibItsSecurity__Functions loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector); loggers::get_instance().log_msg(">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key); // 1. Create security_ecc instance // 1. Create security_ecc instance based on public ephemeral keys security_ecc ec(ec_elliptic_curves::brainpool_p_256_r1, p__privateEncKey); security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__publicEphemeralKeyCompressed, (static_cast<int>(p__ephemeralCompressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); // 2. Generate the shared secret value based on recipient's public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, p__privateEncKey, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector) == -1) { // 2. Generate the shared secret value based on public ephemeral keys will be required if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__encrypted__sym__key, p__nonce, p__authentication__vector, OCTETSTRING(0, nullptr)) == -1) { loggers::get_instance().warning("fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret"); return OCTETSTRING(0, nullptr); } Loading
ccsrc/Protocols/Http/http_codec.cc +15 −1 Original line number Diff line number Diff line Loading @@ -399,10 +399,14 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody& loggers::get_instance().log("http_codec::encode_body: Call '%s'", it->first.c_str()); _codecs["http_its"]->encode((Record_Type&)binary_body.ieee1609dot2__data(), p_encoding_buffer); // TODO Use params // TODO Encode in hex string #if !defined(GEMALTO_FIX) // GEMALTO Encode in hex string CHARSTRING buf = oct2str(p_encoding_buffer); p_encoding_buffer = OCTETSTRING(buf.lengthof(), (const unsigned char*)(static_cast<const char*>(buf))); loggers::get_instance().log_msg("http_codec::encode_body: Convert binary to string: ", p_encoding_buffer); #endif processed = true; } Loading Loading @@ -472,6 +476,16 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos()); loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s); #if !defined(GEMALTO_FIX) // GEMALTO Encode in hex string s = str2oct(CHARSTRING(s.lengthof(), (const char*)(static_cast<const unsigned char*>(s)))); loggers::get_instance().log_msg("http_codec::decode_body: Convert string to binary: ", s); #endif // Align the payload length with the specified Content-lenght value loggers::get_instance().log("http_codec::decode_body: _dc.length=%d - body length=%d", _dc.length, s.lengthof()); OCTETSTRING body; Loading
ccsrc/Protocols/Security/hmac.hh +1 −1 Original line number Diff line number Diff line Loading @@ -51,7 +51,7 @@ public: * \param[out] p_hmac The HMAC value based of the provided data * \return 0 on success, -1 otherwise */ int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac); int generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac); // TODO Use reference & /*! * \fn int generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac); Loading
ccsrc/Protocols/Security/security_ecc.cc +167 −75 File changed.Preview size limit exceeded, changes collapsed. Show changes
ccsrc/Protocols/Security/security_ecc.hh +14 −12 Original line number Diff line number Diff line Loading @@ -128,7 +128,7 @@ public: //! \publicsection /*! * \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y); * \brief Generate a shared secret key and derive it using KDF2 algorithm. * This method shall be used by the sender. Fresh keys will be genrated for each cyphering operation * This method shall be used for encryption, fresh keys will be genrated for each cyphering operation * \param[in] p_enc_algorithm The encryption algorithm to be used * \param[in] p_recipients_public_key_x The recipient public key X-coordinate * \param[in] p_recipients_public_key_x The recipient public key Y-coordinate Loading @@ -138,21 +138,20 @@ public: //! \publicsection * \see encrypt methog to encrypt a message based of the generated symetric encryption key * \return 0 on success, -1 otherwise */ int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y); int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y, const OCTETSTRING& p_salt); /*! * \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y); * \brief Generate a shared secret key and derive it using KDF2 algorithm. * This method shall be used for decryption process * \param[in] p_enc_algorithm The encryption algorithm to be used * \param[in] p_private_enc_key The private encryption key associated to the public encryption key * \param[in] p_ephemeral_public_key_x The recipient public key X-coordinate * \param[in] p_ephemeral_public_key_x The recipient public key Y-coordinate * \param[in] p_ephemeral_public_key_y The recipient public key Y-coordinate * \remark To get the secret key, uses \see secret_key method * \remark To get the decrypteded symmetric encryption key, uses \see symmetric_encryption_key method * \return 0 on success, -1 otherwise */ int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector); int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_recipients_compressed_key_x, const INTEGER& p_compressed_mode, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector); int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y, const OCTETSTRING& p_enc_sym_key, const OCTETSTRING& p_expected_nonce, const OCTETSTRING& p_authentication_vector, const OCTETSTRING& p_salt); /*! * \fn int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message); Loading Loading @@ -217,6 +216,13 @@ public: //! \publicsection inline const OCTETSTRING& encryption_key_y() const { return _enc_key_y; }; inline const OCTETSTRING& encrypted_symmetric_key() const { return _enc_sym_key; }; inline const OCTETSTRING& symmetric_encryption_key() const { return _sym_key; }; /*! * \fn void symmetric_encryption_key(const OCTETSTRING& p_sym_key); * \brief Set AES symmetric key value. * To be used for test purpose only * \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES */ inline void symmetric_encryption_key(const OCTETSTRING& p_sym_key) { _sym_key = p_sym_key; }; inline const OCTETSTRING& nonce() const { return _nonce; }; inline const OCTETSTRING& tag() const { return _tag; }; Loading @@ -240,10 +246,6 @@ private: //! \privatesection */ int public_key_to_bin(OCTETSTRING& p_bin_key); /*int multiply_point_with_bn(const EC_POINT &a, const BIGNUM* b, EC_POINT **P); // R: XY-coordinate compressed, S: Share Secret int derive_s_from_private_key(BIGNUM *S, BIGNUM *R); // R: XY-coordinate compressed, S: Share Secret int derive_s_from_public_key(BIGNUM *S, BIGNUM *R);*/ int kdf2(const OCTETSTRING& p_secret_key, const OCTETSTRING& p_salt, const unsigned char p_hash_algorithm, const int p_key_length, OCTETSTRING& p_digest); int kdf2_sha256(const OCTETSTRING& p_secret_key, const OCTETSTRING& p_salt, const int p_key_length, OCTETSTRING& p_digest); }; // End of class security_ecc
