Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
ITS - Intelligent Transport Systems
ITS
Commits
2731bdfd
Commit
2731bdfd
authored
Nov 16, 2018
by
garciay
Browse files
Major bugs fixed in security_ecc, remove useless folders for STF525
parent
8584645f
Changes
1000
Expand all
Hide whitespace changes
Inline
Side-by-side
Too many changes to show.
To preserve performance only
20 of 1000+
files are displayed.
Plain diff
Email patch
ccsrc/Externals/LibItsSecurity_externals.cc
View file @
2731bdfd
...
...
@@ -547,6 +547,21 @@ namespace LibItsSecurity__Functions
return
os
;
}
OCTETSTRING
fx__test__encrypt__aes__128__gcm__test
(
const
OCTETSTRING
&
p__k
,
const
OCTETSTRING
&
p__n
,
const
OCTETSTRING
&
p__pt
)
{
loggers
::
get_instance
().
log
(
">>> fx__test__encrypt__aes__128__gcm__test"
);
security_ecc
ec
(
ec_elliptic_curves
::
nist_p_256
);
OCTETSTRING
enc_message
;
if
(
ec
.
encrypt
(
encryption_algotithm
::
aes_128_gcm
,
p__k
,
p__n
,
p__pt
,
enc_message
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__test__encrypt__aes__128__gcm__test: Failed to encrypt message"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
OCTETSTRING
os
(
enc_message
+
ec
.
tag
());
loggers
::
get_instance
().
log_msg
(
"fx__test__encrypt__aes__128__gcm__test: encrypted message: "
,
os
);
return
os
;
}
/**
* \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct);
* \brief Encrypt the message using AES 128 CCM algorithm
...
...
@@ -593,39 +608,39 @@ namespace LibItsSecurity__Functions
* \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
*/
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING
fx__encryptWithEciesNistp256WithSha256
(
const
OCTETSTRING
&
p__toBeEncryptedSecuredMessage
,
const
OCTETSTRING
&
p__recipientsPublicKeyCompressed
,
const
INTEGER
&
p__compressedMode
,
OCTETSTRING
&
p__publicEphemeralKeyCompressed
,
INTEGER
&
p__ephemeralCompressedMode
,
OCTETSTRING
&
p__encrypted__sym__key
,
OCTETSTRING
&
p__authentication__vector
,
OCTETSTRING
&
p__nonce
)
{
OCTETSTRING
fx__encryptWithEciesNistp256WithSha256
(
const
OCTETSTRING
&
p__toBeEncryptedSecuredMessage
,
const
OCTETSTRING
&
p__recipientsPublicKeyCompressed
,
const
INTEGER
&
p__compressedMode
,
const
OCTETSTRING
&
p__salt
,
OCTETSTRING
&
p__publicEphemeralKeyCompressed
,
INTEGER
&
p__ephemeralCompressedMode
,
OCTETSTRING
&
p__encrypted__sym__key
,
OCTETSTRING
&
p__authentication__vector
,
OCTETSTRING
&
p__nonce
)
{
loggers
::
get_instance
().
log_msg
(
">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: "
,
p__toBeEncryptedSecuredMessage
);
loggers
::
get_instance
().
log_msg
(
">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed"
,
p__recipientsPublicKeyCompressed
);
loggers
::
get_instance
().
log
(
">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d"
,
static_cast
<
int
>
(
p__compressedMode
));
loggers
::
get_instance
().
log_msg
(
">>> fx__encryptWithEciesNistp256WithSha256: p__salt"
,
p__salt
);
// 1. Generate new Private/Public key
// 1. Generate new Private/Public
Ephemeral
key
security_ecc
ec
(
ec_elliptic_curves
::
nist_p_256
);
if
(
ec
.
generate
()
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
// 2. Generate and derive shared secret
// 2. Generate and derive shared secret
based on recipient's private keys
security_ecc
ec_comp
(
ec_elliptic_curves
::
nist_p_256
,
p__recipientsPublicKeyCompressed
,
(
static_cast
<
int
>
(
p__compressedMode
)
==
0
)
?
ecc_compressed_mode
::
compressed_y_0
:
ecc_compressed_mode
::
compressed_y_1
);
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
())
==
-
1
)
{
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
()
,
p__salt
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
// Set the encrypted symmetric key
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256: Symmetric encryption key: "
,
ec
.
symmetric_encryption_key
());
p__encrypted__sym__key
=
ec
.
encrypted_symmetric_key
();
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256:
E
ncrypted
sym
metric
key: "
,
p__encrypted__sym__key
);
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256:
p__e
ncrypted
__
sym
__
key: "
,
p__encrypted__sym__key
);
// Set the tag of the symmetric key encryption
p__authentication__vector
=
ec
.
tag
();
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: "
,
p__authentication__vector
);
// Set ephemeral public keys
p__publicEphemeralKeyCompressed
=
ec
.
public_key_compressed
();
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256:
Ephemeral public c
ompressed
key
: "
,
p__publicEphemeralKeyCompressed
);
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256:
p__publicEphemeralKeyC
ompressed: "
,
p__publicEphemeralKeyCompressed
);
p__ephemeralCompressedMode
=
(
ec
.
public_key_compressed_mode
()
==
ecc_compressed_mode
::
compressed_y_0
)
?
0
:
1
;
loggers
::
get_instance
().
log
(
"fx__encryptWithEciesNistp256WithSha256:
E
phemeral
public c
ompressed
m
ode: %d"
,
p__ephemeralCompressedMode
);
loggers
::
get_instance
().
log
(
"fx__encryptWithEciesNistp256WithSha256:
p__e
phemeral
C
ompressed
M
ode: %d"
,
p__ephemeralCompressedMode
);
// 3. Retrieve AES 128 parameters
p__nonce
=
ec
.
nonce
();
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256: p__nonce: "
,
p__nonce
);
OCTETSTRING
enc_symm_key
=
ec
.
symmetric_encryption_key
();
loggers
::
get_instance
().
log_msg
(
"fx__encryptWithEciesNistp256WithSha256: enc_symm_key: "
,
enc_symm_key
);
// 4. Encrypt the data using AES-128 CCM
OCTETSTRING
enc_message
;
if
(
ec
.
encrypt
(
encryption_algotithm
::
aes_128_ccm
,
ec
.
symmetric_encryption_key
(),
ec
.
nonce
(),
p__toBeEncryptedSecuredMessage
,
enc_message
)
==
-
1
)
{
...
...
@@ -637,7 +652,50 @@ namespace LibItsSecurity__Functions
return
enc_message
;
}
/**
* @desc Test function for ECIES NIST P-256 Encryption with SHA-256
* @remark For the purpose of testing, the content of p__toBeEncryptedSecuredMessage is the AES 128 symmetric key to be encrypted
*/
OCTETSTRING
fx__test__encryptWithEciesNistp256WithSha256
(
const
OCTETSTRING
&
p__toBeEncryptedSecuredMessage
,
const
OCTETSTRING
&
p__privateEphemeralKey
,
const
OCTETSTRING
&
p__recipientPublicKeyX
,
const
OCTETSTRING
&
p__recipientPublicKeyY
,
const
OCTETSTRING
&
p__salt
,
OCTETSTRING
&
p__publicEphemeralKeyX
,
OCTETSTRING
&
p__publicEphemeralKeyY
,
OCTETSTRING
&
p__encrypted__sym__key
,
OCTETSTRING
&
p__authentication__vector
,
OCTETSTRING
&
p__nonce
)
{
// 1. Generate new ephemeral Private/Public keys
security_ecc
ec
(
ec_elliptic_curves
::
nist_p_256
,
p__privateEphemeralKey
);
p__publicEphemeralKeyX
=
ec
.
public_key_x
();
p__publicEphemeralKeyY
=
ec
.
public_key_y
();
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: Vx="
,
p__publicEphemeralKeyX
);
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: Vy="
,
p__publicEphemeralKeyY
);
// 2. Generate and derive shared secret
security_ecc
ec_comp
(
ec_elliptic_curves
::
nist_p_256
,
p__recipientPublicKeyX
,
p__recipientPublicKeyY
);
ec
.
symmetric_encryption_key
(
p__toBeEncryptedSecuredMessage
);
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: "
,
ec
.
encrypted_symmetric_key
());
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
(),
p__salt
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__test__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: symmetric_encryption_key: "
,
ec
.
symmetric_encryption_key
());
// Set the encrypted symmetric key
p__encrypted__sym__key
=
ec
.
encrypted_symmetric_key
();
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: "
,
p__encrypted__sym__key
);
// Set the tag of the symmetric key encryption
p__authentication__vector
=
ec
.
tag
();
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: p__authentication__vector: "
,
p__authentication__vector
);
// 3. Retrieve AES 128 parameters
p__nonce
=
ec
.
nonce
();
loggers
::
get_instance
().
log_msg
(
"fx__test__encryptWithEciesNistp256WithSha256: p__nonce: "
,
p__nonce
);
// 4. Encrypt the data using AES-128 CCM
OCTETSTRING
enc_message
;
if
(
ec
.
encrypt
(
encryption_algotithm
::
aes_128_ccm
,
ec
.
symmetric_encryption_key
(),
ec
.
nonce
(),
p__toBeEncryptedSecuredMessage
,
enc_message
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__test__encryptWithEciesNistp256WithSha256: Failed to encrypt message"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
enc_message
+=
ec
.
tag
();
loggers
::
get_instance
().
log_to_hexa
(
"fx__test__encryptWithEciesNistp256WithSha256: enc message||Tag: "
,
enc_message
);
return
enc_message
;
}
/**
* \fn OCTETSTRING fx__decryptWithEciesNistp256WithSha256(const OCTETSTRING& p__encryptedSecuredMessage, const OCTETSTRING& p__privateEncKey, const OCTETSTRING& p__publicEphemeralKeyX, const OCTETSTRING& p__publicEphemeralKeyY, const OCTETSTRING& p__encrypted__sym__key, const OCTETSTRING& p__authentication__vector, const OCTETSTRING& p__nonce);
* \brief Decrypt the message using ECIES algorithm to decrypt AES 128 CCM symmetric key, as defined in IEEE Std 1609.2-2017
...
...
@@ -654,7 +712,7 @@ namespace LibItsSecurity__Functions
* \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
*/
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING
fx__decryptWithEciesNistp256WithSha256
(
const
OCTETSTRING
&
p__encryptedSecuredMessage
,
const
OCTETSTRING
&
p__privateEncKey
,
const
OCTETSTRING
&
p__publicEphemeralKeyCompressed
,
const
INTEGER
&
p__ephemeralCompressedMode
,
const
OCTETSTRING
&
p__encrypted__sym__key
,
const
OCTETSTRING
&
p__authentication__vector
,
const
OCTETSTRING
&
p__nonce
)
{
OCTETSTRING
fx__decryptWithEciesNistp256WithSha256
(
const
OCTETSTRING
&
p__encryptedSecuredMessage
,
const
OCTETSTRING
&
p__privateEncKey
,
const
OCTETSTRING
&
p__publicEphemeralKeyCompressed
,
const
INTEGER
&
p__ephemeralCompressedMode
,
const
OCTETSTRING
&
p__encrypted__sym__key
,
const
OCTETSTRING
&
p__authentication__vector
,
const
OCTETSTRING
&
p__nonce
,
const
OCTETSTRING
&
p__salt
)
{
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: "
,
p__encryptedSecuredMessage
);
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__privateEncKey: "
,
p__privateEncKey
);
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: "
,
p__publicEphemeralKeyCompressed
);
...
...
@@ -662,13 +720,14 @@ namespace LibItsSecurity__Functions
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__nonce: "
,
p__nonce
);
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__authentication__vector: "
,
p__authentication__vector
);
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__encrypted__sym__key: "
,
p__encrypted__sym__key
);
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesNistp256WithSha256: p__salt"
,
p__salt
);
// 1. Create security_ecc instance
// 1. Create security_ecc instance
based on recipient's private key
security_ecc
ec
(
ec_elliptic_curves
::
nist_p_256
,
p__privateEncKey
);
security_ecc
ec_comp
(
ec_elliptic_curves
::
nist_p_256
,
p__publicEphemeralKeyCompressed
,
(
static_cast
<
int
>
(
p__ephemeralCompressedMode
)
==
0
)
?
ecc_compressed_mode
::
compressed_y_0
:
ecc_compressed_mode
::
compressed_y_1
);
// 2. Generate the shared secret value based on
recipient's
public ephemeral keys will be required
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
p__privateEncKey
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
(),
p__encrypted__sym__key
,
p__nonce
,
p__authentication__vector
)
==
-
1
)
{
// 2. Generate the shared secret value based on public ephemeral keys will be required
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
(),
p__encrypted__sym__key
,
p__nonce
,
p__authentication__vector
,
p__salt
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__decryptWithEciesNistp256WithSha256: Failed to generate shared secret"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
...
...
@@ -693,7 +752,7 @@ namespace LibItsSecurity__Functions
loggers
::
get_instance
().
log_msg
(
">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyCompressed: "
,
p__recipientsPublicKeyCompressed
);
loggers
::
get_instance
().
log
(
">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__compressedMode: %d"
,
static_cast
<
int
>
(
p__compressedMode
));
// 1. Generate new Private/Public key
// 1. Generate new
ephemeral
Private/Public key
s
security_ecc
ec
(
ec_elliptic_curves
::
brainpool_p_256_r1
);
if
(
ec
.
generate
()
==
-
1
)
{
loggers
::
get_instance
().
warning
(
": Failed to generate ephemeral keys"
);
...
...
@@ -701,7 +760,7 @@ namespace LibItsSecurity__Functions
}
// 2. Generate and derive shared secret
security_ecc
ec_comp
(
ec_elliptic_curves
::
brainpool_p_256_r1
,
p__recipientsPublicKeyCompressed
,
(
static_cast
<
int
>
(
p__compressedMode
)
==
0
)
?
ecc_compressed_mode
::
compressed_y_0
:
ecc_compressed_mode
::
compressed_y_1
);
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
())
==
-
1
)
{
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
()
,
OCTETSTRING
(
0
,
nullptr
)
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
": Failed to generate and derive secret key"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
...
...
@@ -742,12 +801,12 @@ namespace LibItsSecurity__Functions
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: "
,
p__authentication__vector
);
loggers
::
get_instance
().
log_msg
(
">>> fx__decryptWithEciesBrainpoolp256WithSha256: p__encrypted__sym__key: "
,
p__encrypted__sym__key
);
// 1. Create security_ecc instance
// 1. Create security_ecc instance
based on public ephemeral keys
security_ecc
ec
(
ec_elliptic_curves
::
brainpool_p_256_r1
,
p__privateEncKey
);
security_ecc
ec_comp
(
ec_elliptic_curves
::
brainpool_p_256_r1
,
p__publicEphemeralKeyCompressed
,
(
static_cast
<
int
>
(
p__ephemeralCompressedMode
)
==
0
)
?
ecc_compressed_mode
::
compressed_y_0
:
ecc_compressed_mode
::
compressed_y_1
);
// 2. Generate the shared secret value based on
recipient's
public ephemeral keys will be required
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
p__privateEncKey
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
(),
p__encrypted__sym__key
,
p__nonce
,
p__authentication__vector
)
==
-
1
)
{
// 2. Generate the shared secret value based on public ephemeral keys will be required
if
(
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_comp
.
public_key_y
(),
p__encrypted__sym__key
,
p__nonce
,
p__authentication__vector
,
OCTETSTRING
(
0
,
nullptr
)
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"fx__decryptWithEciesBrainpoolp256WithSha256: Failed to generate shared secret"
);
return
OCTETSTRING
(
0
,
nullptr
);
}
...
...
ccsrc/Protocols/Http/http_codec.cc
View file @
2731bdfd
...
...
@@ -399,10 +399,14 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody&
loggers
::
get_instance
().
log
(
"http_codec::encode_body: Call '%s'"
,
it
->
first
.
c_str
());
_codecs
[
"http_its"
]
->
encode
((
Record_Type
&
)
binary_body
.
ieee1609dot2__data
(),
p_encoding_buffer
);
// TODO Use params
// TODO Encode in hex string
#if !defined(GEMALTO_FIX)
// GEMALTO Encode in hex string
CHARSTRING
buf
=
oct2str
(
p_encoding_buffer
);
p_encoding_buffer
=
OCTETSTRING
(
buf
.
lengthof
(),
(
const
unsigned
char
*
)(
static_cast
<
const
char
*>
(
buf
)));
loggers
::
get_instance
().
log_msg
(
"http_codec::encode_body: Convert binary to string: "
,
p_encoding_buffer
);
#endif
processed
=
true
;
}
...
...
@@ -472,6 +476,16 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod
OCTETSTRING
s
(
decoding_buffer
.
get_len
()
-
decoding_buffer
.
get_pos
(),
decoding_buffer
.
get_data
()
+
decoding_buffer
.
get_pos
());
loggers
::
get_instance
().
log_msg
(
"http_codec::decode_body: raw body="
,
s
);
#if !defined(GEMALTO_FIX)
// GEMALTO Encode in hex string
s
=
str2oct
(
CHARSTRING
(
s
.
lengthof
(),
(
const
char
*
)(
static_cast
<
const
unsigned
char
*>
(
s
))));
loggers
::
get_instance
().
log_msg
(
"http_codec::decode_body: Convert string to binary: "
,
s
);
#endif
// Align the payload length with the specified Content-lenght value
loggers
::
get_instance
().
log
(
"http_codec::decode_body: _dc.length=%d - body length=%d"
,
_dc
.
length
,
s
.
lengthof
());
OCTETSTRING
body
;
...
...
ccsrc/Protocols/Security/hmac.hh
View file @
2731bdfd
...
...
@@ -51,7 +51,7 @@ public:
* \param[out] p_hmac The HMAC value based of the provided data
* \return 0 on success, -1 otherwise
*/
int
generate
(
const
OCTETSTRING
p_buffer
,
const
OCTETSTRING
p_secret_key
,
OCTETSTRING
&
p_hmac
);
int
generate
(
const
OCTETSTRING
p_buffer
,
const
OCTETSTRING
p_secret_key
,
OCTETSTRING
&
p_hmac
);
// TODO Use reference &
/*!
* \fn int generate(const unsigned char* p_buffer, const size_t p_buffer_length, const unsigned char* p_secret_key, const size_t p_secret_key_length, OCTETSTRING& p_hmac);
...
...
ccsrc/Protocols/Security/security_ecc.cc
View file @
2731bdfd
This diff is collapsed.
Click to expand it.
ccsrc/Protocols/Security/security_ecc.hh
View file @
2731bdfd
...
...
@@ -128,7 +128,7 @@ public: //! \publicsection
/*!
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_recipients_public_key_x, const OCTETSTRING& p_recipients_public_key_y);
* \brief Generate a shared secret key and derive it using KDF2 algorithm.
* This method shall be used
by the sender. F
resh keys will be genrated for each cyphering operation
* This method shall be used
for encryption, f
resh keys will be genrated for each cyphering operation
* \param[in] p_enc_algorithm The encryption algorithm to be used
* \param[in] p_recipients_public_key_x The recipient public key X-coordinate
* \param[in] p_recipients_public_key_x The recipient public key Y-coordinate
...
...
@@ -138,21 +138,20 @@ public: //! \publicsection
* \see encrypt methog to encrypt a message based of the generated symetric encryption key
* \return 0 on success, -1 otherwise
*/
int
generate_and_derive_ephemeral_key
(
const
encryption_algotithm
p_enc_algorithm
,
const
OCTETSTRING
&
p_recipients_public_key_x
,
const
OCTETSTRING
&
p_recipients_public_key_y
);
int
generate_and_derive_ephemeral_key
(
const
encryption_algotithm
p_enc_algorithm
,
const
OCTETSTRING
&
p_recipients_public_key_x
,
const
OCTETSTRING
&
p_recipients_public_key_y
,
const
OCTETSTRING
&
p_salt
);
/*!
* \fn int generate_and_derive_ephemeral_key(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_ephemeral_public_key_x, const OCTETSTRING& p_ephemeral_public_key_y);
* \brief Generate a shared secret key and derive it using KDF2 algorithm.
* This method shall be used for decryption process
* \param[in] p_enc_algorithm The encryption algorithm to be used
* \param[in] p_private_enc_key The private encryption key associated to the public encryption key
* \param[in] p_ephemeral_public_key_x The recipient public key X-coordinate
* \param[in] p_ephemeral_public_key_
x
The recipient public key Y-coordinate
* \param[in] p_ephemeral_public_key_
y
The recipient public key Y-coordinate
* \remark To get the secret key, uses \see secret_key method
* \remark To get the decrypteded symmetric encryption key, uses \see symmetric_encryption_key method
* \return 0 on success, -1 otherwise
*/
int
generate_and_derive_ephemeral_key
(
const
encryption_algotithm
p_enc_algorithm
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_ephemeral_public_key_x
,
const
OCTETSTRING
&
p_ephemeral_public_key_y
,
const
OCTETSTRING
&
p_enc_sym_key
,
const
OCTETSTRING
&
p_expected_nonce
,
const
OCTETSTRING
&
p_authentication_vector
);
int
generate_and_derive_ephemeral_key
(
const
encryption_algotithm
p_enc_algorithm
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_recipients_compressed_key_x
,
const
INTEGER
&
p_compressed_mode
,
const
OCTETSTRING
&
p_enc_sym_key
,
const
OCTETSTRING
&
p_expected_nonce
,
const
OCTETSTRING
&
p_authentication_vector
);
int
generate_and_derive_ephemeral_key
(
const
encryption_algotithm
p_enc_algorithm
,
const
OCTETSTRING
&
p_ephemeral_public_key_x
,
const
OCTETSTRING
&
p_ephemeral_public_key_y
,
const
OCTETSTRING
&
p_enc_sym_key
,
const
OCTETSTRING
&
p_expected_nonce
,
const
OCTETSTRING
&
p_authentication_vector
,
const
OCTETSTRING
&
p_salt
);
/*!
* \fn int encrypt(const encryption_algotithm p_enc_algorithm, const OCTETSTRING& p_message, OCTETSTRING& p_enc_message);
...
...
@@ -217,6 +216,13 @@ public: //! \publicsection
inline
const
OCTETSTRING
&
encryption_key_y
()
const
{
return
_enc_key_y
;
};
inline
const
OCTETSTRING
&
encrypted_symmetric_key
()
const
{
return
_enc_sym_key
;
};
inline
const
OCTETSTRING
&
symmetric_encryption_key
()
const
{
return
_sym_key
;
};
/*!
* \fn void symmetric_encryption_key(const OCTETSTRING& p_sym_key);
* \brief Set AES symmetric key value.
* To be used for test purpose only
* \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
*/
inline
void
symmetric_encryption_key
(
const
OCTETSTRING
&
p_sym_key
)
{
_sym_key
=
p_sym_key
;
};
inline
const
OCTETSTRING
&
nonce
()
const
{
return
_nonce
;
};
inline
const
OCTETSTRING
&
tag
()
const
{
return
_tag
;
};
...
...
@@ -240,10 +246,6 @@ private: //! \privatesection
*/
int
public_key_to_bin
(
OCTETSTRING
&
p_bin_key
);
/*int multiply_point_with_bn(const EC_POINT &a, const BIGNUM* b, EC_POINT **P);
// R: XY-coordinate compressed, S: Share Secret
int derive_s_from_private_key(BIGNUM *S, BIGNUM *R);
// R: XY-coordinate compressed, S: Share Secret
int derive_s_from_public_key(BIGNUM *S, BIGNUM *R);*/
int
kdf2
(
const
OCTETSTRING
&
p_secret_key
,
const
OCTETSTRING
&
p_salt
,
const
unsigned
char
p_hash_algorithm
,
const
int
p_key_length
,
OCTETSTRING
&
p_digest
);
int
kdf2_sha256
(
const
OCTETSTRING
&
p_secret_key
,
const
OCTETSTRING
&
p_salt
,
const
int
p_key_length
,
OCTETSTRING
&
p_digest
);
};
// End of class security_ecc
ccsrc/Protocols/Security/security_services.cc
View file @
2731bdfd
...
...
@@ -383,16 +383,16 @@ int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2:
}
// 3. Generate the shared secret value based on recipient's public ephemeral keys will be required
security_ecc
ec
(
ec_elliptic_curves
::
nist_p_256
,
p_enc_key
);
int
result
;
security_ecc
ec
(
ec_elliptic_curves
::
nist_p_256
,
p_enc_key
);
if
(
ecies
->
v
().
ischosen
(
IEEE1609dot2BaseTypes
::
EccP256CurvePoint
::
ALT_uncompressedP256
))
{
result
=
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
p_enc_key
,
ecies
->
v
().
uncompressedP256
().
x
(),
ecies
->
v
().
uncompressedP256
().
y
(),
ecies
->
c
(),
p_encrypted_data
.
ciphertext
().
aes128ccm
().
nonce
(),
ecies
->
t
());
result
=
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ecies
->
v
().
uncompressedP256
().
x
(),
ecies
->
v
().
uncompressedP256
().
y
(),
ecies
->
c
(),
p_encrypted_data
.
ciphertext
().
aes128ccm
().
nonce
(),
ecies
->
t
()
,
OCTETSTRING
(
0
,
nullptr
)
);
}
else
if
(
ecies
->
v
().
ischosen
(
IEEE1609dot2BaseTypes
::
EccP256CurvePoint
::
ALT_compressed__y__0
))
{
const
INTEGER
compressed_mode
(
0
);
result
=
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
p_enc_key
,
ecies
->
v
().
compressed__y__0
(),
comp
ressed_mode
,
ecies
->
c
(),
p_encrypted_data
.
ciphertext
().
aes128ccm
().
nonce
(),
ecies
->
t
());
security_ecc
ec_comp
(
ec_elliptic_curves
::
nist_p_256
,
ecies
->
v
().
compressed__y__0
(),
ecc_compressed_mode
::
compressed_y_
0
);
result
=
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_
comp
.
public_key_y
()
,
ecies
->
c
(),
p_encrypted_data
.
ciphertext
().
aes128ccm
().
nonce
(),
ecies
->
t
()
,
OCTETSTRING
(
0
,
nullptr
)
);
}
else
if
(
ecies
->
v
().
ischosen
(
IEEE1609dot2BaseTypes
::
EccP256CurvePoint
::
ALT_compressed__y__1
))
{
const
INTEGER
compressed_mode
(
1
);
result
=
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
p_enc_key
,
ecies
->
v
().
compressed__y__1
(),
comp
ressed_mode
,
ecies
->
c
(),
p_encrypted_data
.
ciphertext
().
aes128ccm
().
nonce
(),
ecies
->
t
());
security_ecc
ec_comp
(
ec_elliptic_curves
::
nist_p_256
,
ecies
->
v
().
compressed__y__1
(),
ecc_compressed_mode
::
compressed_y_
1
);
result
=
ec
.
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
ec_comp
.
public_key_x
(),
ec_
comp
.
public_key_y
()
,
ecies
->
c
(),
p_encrypted_data
.
ciphertext
().
aes128ccm
().
nonce
(),
ecies
->
t
()
,
OCTETSTRING
(
0
,
nullptr
)
);
}
else
{
loggers
::
get_instance
().
warning
(
"security_services::process_ieee_1609_dot2_encrypted_data: Failed to decode Decrypt Ieee1609Dot2Data-Encrypted"
);
return
-
1
;
...
...
@@ -592,7 +592,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
}
// 3. Generate and derive shared secret
if
(
_ec_keys_enc
.
get
()
->
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
r_public_key_x
,
r_public_key_y
)
==
-
1
)
{
if
(
_ec_keys_enc
.
get
()
->
generate_and_derive_ephemeral_key
(
encryption_algotithm
::
aes_128_ccm
,
r_public_key_x
,
r_public_key_y
,
OCTETSTRING
(
0
,
nullptr
)
)
==
-
1
)
{
loggers
::
get_instance
().
warning
(
"security_services::encrypt_gn_payload: Failed to generate and derive secret key"
);
return
-
1
;
}
...
...
docker/run-container.sh
View file @
2731bdfd
...
...
@@ -5,7 +5,7 @@
#set -e
set
-vx
docker run
-i
--rm
stf525_its:latest /bin/bash
#
-c "
sudo etsi
"
docker run
-i
--rm
stf525_its:latest /bin/bash
-c
"
cd /home/etsi/dev/etsi_its/src/TestCodec/objs && ../bin/run_all.bash
"
# That's all Floks
exit
0
etc/TestCodec/TestCodec.cfg
View file @
2731bdfd
...
...
@@ -285,7 +285,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_SecuredFuntions.tc_sha384_1
#TestCodec_SecuredFuntions.tc_f_generate_key_pair_1
#TestCodec_SecuredFuntions.tc_f_generate_key_pair_2
TestCodec_SecuredFuntions.tc_f_generate_key_pair_3
#
TestCodec_SecuredFuntions.tc_f_generate_key_pair_3
#TestCodec_SecuredFuntions.tc_f_signWithEcdsaNistp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_2
...
...
@@ -327,12 +327,17 @@ TestCodec_SecuredFuntions.tc_f_generate_key_pair_3
#TestCodec_SecuredFuntions.tc_read_certificate_digest
#TestCodec_SecuredFuntions.tc_read_certificate_hash
# Encryption
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test3
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test3
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test4
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_1
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_2
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_3
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_4
#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
...
...
javasrc/CeCILL-C LICENSE.txt
deleted
100644 → 0
View file @
8584645f
This diff is collapsed.
Click to expand it.
javasrc/adapter/org/etsi/adapter/GnssSupportFactory.java
deleted
100644 → 0
View file @
8584645f
/**
* Factory for GNSS Support implementations.
* Implementations have to register to this factory.
*
*/
package
org.etsi.adapter
;
/**
* Factory for Test Execution Required implementations.
* Implementations have to register to this factory.
*/
public
class
GnssSupportFactory
{
/**
* Registered IGnssSupport implementation
*/
private
static
IGnssSupport
instance
;
/**
* Gets the registered IGnssSupport implementation
* @return Instance of IGnssSupport implementation registered through setImpl() or null
* @see setImpl
*/
public
static
IGnssSupport
getInstance
()
{
return
instance
;
}
/**
* Private constructor (Singleton pattern)
*/
private
GnssSupportFactory
()
{
//empty
}
/**
* Sets the implementation instance to be returned by the factory
* @param impl Instance of the implementation to be registered
*/
public
static
void
setImpl
(
IGnssSupport
impl
)
{
instance
=
impl
;
}
}
javasrc/adapter/org/etsi/adapter/IGnssSupport.java
deleted
100644 → 0
View file @
8584645f
/*
* ----------------------------------------------------------------------------
* (C) Copyright Testing Technologies, 2001-2015. All Rights Reserved.
*
* All copies of this program, whether in whole or in part, and whether
* modified or not, must display this and all other embedded copyright
* and ownership notices in full.
*
* See the file COPYRIGHT for details of redistribution and use.
*
* You should have received a copy of the COPYRIGHT file along with
* this file; if not, write to the Testing Technologies,
* Michaelkirchstr. 17/18, 10179 Berlin, Germany.
*
* TESTING TECHNOLOGIES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
* SOFTWARE. IN NO EVENT SHALL TESTING TECHNOLOGIES BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
* ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
* THIS SOFTWARE.
*
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
* EITHER EXPRESSED OR IMPLIED, INCLUDING ANY KIND OF IMPLIED OR
* EXPRESSED WARRANTY OF NON-INFRINGEMENT OR THE IMPLIED WARRANTIES
* OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* ----------------------------------------------------------------------------- */
/**
* GNSS support interface to be implemented by TE providers.
*/
package
org.etsi.adapter
;
import
java.math.BigInteger
;
import
org.etsi.its.adapter.ports.AdapterPort
;
import
org.etsi.ttcn.tri.TriStatus
;
/**
* Test Execution Required interface to be implemented by TE providers.
*/
public
interface
IGnssSupport
{
/**
* Initialize the GNSS support.
* @return TRI_OK in case of success, false otherwise
*/
public
TriStatus
init
();
/**
* Loads a scenario
* @param id of predefined scenario
* @return TRUE on success, FALSE otherwise
*/
public
boolean
loadScenario
(
int
p_id
);
/**
* Starts a loaded scenario
* @return TRUE on success, FALSE otherwise
*/
public
boolean
startScenario
();
/**
* Stops a started scenario
* @return TRUE on success, FALSE otherwise
*/
public
boolean
stopScenario
();
/**
* Signals when the requested distance was covered
* @param distance The requested distance in m.
* @return TRUE on success, FALSE otherwise
*/
public
boolean
awaitDistanceToCover
(
AdapterPort
notifier
,
double
distance
);
/**
* Changes dynamically the speed in the running scenario
* @param The new speed value.
* @return TRUE on success, FALSE otherwise
*/
public
boolean
changeSpeed
(
double
speed
);
/**
* Changes dynamically the heading in the running scenario
* @param heading The new heading value.
* @return TRUE on success, FALSE otherwise
*/
public
boolean
changeHeading
(
double
heading
);
/**
* Gets the current GPS time
* @return the time
*/
public
BigInteger
getGpsTime
();
/**
* Signals when the requested time in the running scenario is reached
* @param time The requested time in msec.
* @return TRUE on success, FALSE otherwise
*/
public
boolean
awaitTimeInRunningScenario
(
AdapterPort
notifier
,
int
time
);
/**
* Dispose object
*/
public
void
dispose
();
}
javasrc/adapter/org/etsi/adapter/ITERequired.java
deleted
100644 → 0
View file @
8584645f
/**
* Test Execution Required interface to be implemented by TE providers.
*
* @author ETSI / STF424
* @version $URL$
* $Id$
*
*/
package
org.etsi.adapter
;
import
org.etsi.ttcn.tci.Value
;
import
org.etsi.ttcn.tri.TriAddress
;
import
org.etsi.ttcn.tri.TriCommunicationTE
;
import
org.etsi.ttcn.tri.TriMessage
;
import
org.etsi.ttcn.tri.TriStatus
;
/**
* Test Execution Required interface to be implemented by TE providers.
*/
public
interface
ITERequired
{
/**
* Gets TriCommunicationTE implementation
* @return TriCommunicationTE implementation
*/
TriCommunicationTE
getCommunicationTE
();
/**
* Creates TriStatus object corresponding to statusCode
* @param statusCode Status value
* @return TriStatus corresponding to statusCode
*/
TriStatus
getTriStatus
(
int
statusCode
);
/**
* Creates TriStatus object corresponding to statusCode (non TRI-standard)
* @param statusCode Status value
* @param message Informational message (Error cause, ...)
* @return TriStatus corresponding to statusCode
*/
TriStatus
getTriStatus
(
int
statusCode
,
String
message
);
/**
* Gets TriAddress
* @param message
* @return TriAddress
*/
TriAddress
getTriAddress
(
byte
[]
message
);
/**
* Gets TriMessage
* @param message
* @return TriMessage
*/
TriMessage
getTriMessage
(
byte
[]
message
);
/**
* Gets Test Adapter configuration parameter (non TRI-standard)
* @param param Name of the configuration parameter
* @return Value associated to the TA parameter