Add Brainpool Security support (2e52e3c8) · Commits · ITS - Intelligent Transport Systems / ITS

ccsrc/Externals/LibItsSecurity_externals.cc

+15 −27

Original line number	Diff line number	Diff line
		@@ -66,8 +66,7 @@ namespace LibItsSecurity__Functions
		std::vector<unsigned char> tbs(static_cast<const unsigned char >(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char >(p__toBeSignedSecuredMessage));
		hash.generate(tbs, hashData);
		// Calculate the signature
		const unsigned char * p = static_cast<const unsigned char *>(p__privateKey);
		std::vector<unsigned char> p_key(p, p + p__privateKey.lengthof());
		std::vector<unsigned char> p_key(static_cast<const unsigned char >(p__privateKey), static_cast<const unsigned char >(p__privateKey) + p__privateKey.lengthof());
		ec_keys k(ec_elliptic_curves::nist_p_256, p_key);
		std::vector<unsigned char> r_sig;
		std::vector<unsigned char> s_sig;
		@@ -101,8 +100,7 @@ namespace LibItsSecurity__Functions
		std::vector<unsigned char> tbs(static_cast<const unsigned char >(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char >(p__toBeSignedSecuredMessage));
		hash.generate(tbs, hashData);
		// Calculate the signature
		const unsigned char * p = static_cast<const unsigned char *>(p__privateKey);
		std::vector<unsigned char> p_key(p, p + p__privateKey.lengthof());
		std::vector<unsigned char> p_key(static_cast<const unsigned char >(p__privateKey), static_cast<const unsigned char >(p__privateKey) + p__privateKey.lengthof());
		ec_keys k(ec_elliptic_curves::brainpool_p_256_r1, p_key);
		std::vector<unsigned char> r_sig;
		std::vector<unsigned char> s_sig;
		@@ -136,16 +134,15 @@ namespace LibItsSecurity__Functions
		std::vector<unsigned char> tbs(static_cast<const unsigned char >(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char >(p__toBeSignedSecuredMessage));
		hash.generate(tbs, hashData);
		// Calculate the signature
		const unsigned char * p = static_cast<const unsigned char *>(p__privateKey);
		std::vector<unsigned char> p_key(p, p + p__privateKey.lengthof());
		std::vector<unsigned char> p_key(static_cast<const unsigned char >(p__privateKey), static_cast<const unsigned char >(p__privateKey) + p__privateKey.lengthof());
		ec_keys k(ec_elliptic_curves::brainpool_p_384_r1, p_key);
		std::vector<unsigned char> r_sig;
		std::vector<unsigned char> s_sig;
		if (k.sign(hashData, r_sig, s_sig) == 0) {
		OCTETSTRING os(r_sig.size(), r_sig.data());
		// loggers::get_instance().log_to_hexa("r_sig= ", os);
		// loggers::get_instance().log_to_hexa("s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data());
		// loggers::get_instance().log_to_hexa("sig= ", os += OCTETSTRING(s_sig.size(), s_sig.data()));
		loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: r_sig= ", os);
		loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: s_sig= ", OCTETSTRING(s_sig.size(), s_sig.data()));
		loggers::get_instance().log_to_hexa("fx__signWithEcdsaBrainpoolp384WithSha384: sig= ", os += OCTETSTRING(s_sig.size(), s_sig.data()));
		os += OCTETSTRING(s_sig.size(), s_sig.data());
		return os;
		}
		@@ -175,12 +172,9 @@ namespace LibItsSecurity__Functions
		std::vector<unsigned char> tbh(static_cast<const unsigned char >(p__toBeVerifiedData), static_cast<const unsigned char >(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
		hash.generate(tbh, hashData);
		// Check the signature
		const unsigned char * p = static_cast<const unsigned char *>(p__signature);
		std::vector<unsigned char> signature(p, p + p__signature.lengthof());
		p = static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX);
		std::vector<unsigned char> pub_key_x(p, p + p__ecdsaNistp256PublicKeyX.lengthof());
		p = static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY);
		std::vector<unsigned char> pub_key_y(p, p + p__ecdsaNistp256PublicKeyY.lengthof());
		std::vector<unsigned char> signature(static_cast<const unsigned char >(p__signature), static_cast<const unsigned char >(p__signature) + p__signature.lengthof());
		std::vector<unsigned char> pub_key_x(static_cast<const unsigned char >(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char >(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof());
		std::vector<unsigned char> pub_key_y(static_cast<const unsigned char >(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char >(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof());
		ec_keys k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y);
		if (k.sign_verif(hashData, signature) == 0) {
		return TRUE;
		@@ -211,12 +205,9 @@ namespace LibItsSecurity__Functions
		std::vector<unsigned char> tbh(static_cast<const unsigned char >(p__toBeVerifiedData), static_cast<const unsigned char >(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
		hash.generate(tbh, hashData);
		// Check the signature
		const unsigned char * p = static_cast<const unsigned char *>(p__signature);
		std::vector<unsigned char> signature(p, p + p__signature.lengthof());
		p = static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyX);
		std::vector<unsigned char> pub_key_x(p, p + p__ecdsaBrainpoolp256PublicKeyX.lengthof());
		p = static_cast<const unsigned char *>(p__ecdsaBrainpoolp256PublicKeyY);
		std::vector<unsigned char> pub_key_y(p, p + p__ecdsaBrainpoolp256PublicKeyY.lengthof());
		std::vector<unsigned char> signature(static_cast<const unsigned char >(p__signature), static_cast<const unsigned char >(p__signature) + p__signature.lengthof());
		std::vector<unsigned char> pub_key_x(static_cast<const unsigned char >(p__ecdsaBrainpoolp256PublicKeyX), static_cast<const unsigned char >(p__ecdsaBrainpoolp256PublicKeyX) + p__ecdsaBrainpoolp256PublicKeyX.lengthof());
		std::vector<unsigned char> pub_key_y(static_cast<const unsigned char >(p__ecdsaBrainpoolp256PublicKeyY), static_cast<const unsigned char >(p__ecdsaBrainpoolp256PublicKeyY) + p__ecdsaBrainpoolp256PublicKeyY.lengthof());
		ec_keys k(ec_elliptic_curves::brainpool_p_256_r1, pub_key_x, pub_key_y);
		if (k.sign_verif(hashData, signature) == 0) {
		return TRUE;
		@@ -247,12 +238,9 @@ namespace LibItsSecurity__Functions
		std::vector<unsigned char> tbh(static_cast<const unsigned char >(p__toBeVerifiedData), static_cast<const unsigned char >(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
		hash.generate(tbh, hashData);
		// Check the signature
		const unsigned char * p = static_cast<const unsigned char *>(p__signature);
		std::vector<unsigned char> signature(p, p + p__signature.lengthof());
		p = static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyX);
		std::vector<unsigned char> pub_key_x(p, p + p__ecdsaBrainpoolp384PublicKeyX.lengthof());
		p = static_cast<const unsigned char *>(p__ecdsaBrainpoolp384PublicKeyY);
		std::vector<unsigned char> pub_key_y(p, p + p__ecdsaBrainpoolp384PublicKeyY.lengthof());
		std::vector<unsigned char> signature(static_cast<const unsigned char >(p__signature), static_cast<const unsigned char >(p__signature) + p__signature.lengthof());
		std::vector<unsigned char> pub_key_x(static_cast<const unsigned char >(p__ecdsaBrainpoolp384PublicKeyX), static_cast<const unsigned char >(p__ecdsaBrainpoolp384PublicKeyX) + p__ecdsaBrainpoolp384PublicKeyX.lengthof());
		std::vector<unsigned char> pub_key_y(static_cast<const unsigned char >(p__ecdsaBrainpoolp384PublicKeyY), static_cast<const unsigned char >(p__ecdsaBrainpoolp384PublicKeyY) + p__ecdsaBrainpoolp384PublicKeyY.lengthof());
		ec_keys k(ec_elliptic_curves::brainpool_p_384_r1, pub_key_x, pub_key_y);
		if (k.sign_verif(hashData, signature) == 0) {
		return TRUE;

ccsrc/Protocols/Security/ec_keys.cc

+31 −15

Original line number	Diff line number	Diff line
		@@ -7,8 +7,6 @@
		ec_keys::ec_keys(const ec_elliptic_curves p_elliptic_curve): _elliptic_curve(p_elliptic_curve), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pr_key(), _pu_key_x(), _pu_key_y() {
		loggers::get_instance().log(">>> ec_keys::ec_keys: %d", static_cast<int>(p_elliptic_curve));

		::ERR_load_crypto_strings();

		const int result = init();
		if (result == -1) {
		loggers::get_instance().error("ec_keys::ec_keys: Unsupported elliptic_curve %d", _elliptic_curve);
		@@ -18,14 +16,23 @@ ec_keys::ec_keys(const ec_elliptic_curves p_elliptic_curve): _elliptic_curve(p_e
		ec_keys::ec_keys(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_private_key): _elliptic_curve(p_elliptic_curve), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pr_key(p_private_key), _pu_key_x(), _pu_key_y() {
		loggers::get_instance().log(">>> ec_keys::ec_keys (1): %d", static_cast<int>(p_elliptic_curve));

		// Sanity checks
		if ((_elliptic_curve == ec_elliptic_curves::nist_p_256) \|\| (_elliptic_curve == ec_elliptic_curves::brainpool_p_256_r1)) {
		if (p_private_key.size() != 32) {
		loggers::get_instance().error("ec_keys::ec_keys: Invalid public keys size");
		}
		} else if (_elliptic_curve == ec_elliptic_curves::brainpool_p_384_r1) {
		if ((p_private_key.size() != 48)) {
		loggers::get_instance().error("ec_keys::ec_keys: Invalid public keys size");
		}
		}

		int result = init();
		if (result == -1) {
		loggers::get_instance().error("ec_keys::ec_keys: Unsupported elliptic_curve %d", _elliptic_curve);
		}
		::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_COMPRESSED);

		// TODO Sanity checks on key size

		// Build private key
		BIGNUM p;
		::BN_init(&p);
		@@ -58,14 +65,23 @@ ec_keys::ec_keys(const ec_elliptic_curves p_elliptic_curve, const std::vector<un
		ec_keys::ec_keys(const ec_elliptic_curves p_elliptic_curve, const std::vector<unsigned char>& p_public_key_x, const std::vector<unsigned char>& p_public_key_y): _elliptic_curve(p_elliptic_curve), _ec_key(nullptr), _ec_group(nullptr), _bn_ctx(nullptr), _pr_key(), _pu_key_x(p_public_key_x), _pu_key_y(p_public_key_y) {
		loggers::get_instance().log(">>> ec_keys::ec_keys (2): %d", static_cast<int>(p_elliptic_curve));

		// Sanity checks
		if ((_elliptic_curve == ec_elliptic_curves::nist_p_256) \|\| (_elliptic_curve == ec_elliptic_curves::brainpool_p_256_r1)) {
		if ((p_public_key_x.size() != 32) \|\| (p_public_key_y.size() != 32)) {
		loggers::get_instance().error("ec_keys::ec_keys: Invalid public keys size");
		}
		} else if (_elliptic_curve == ec_elliptic_curves::brainpool_p_384_r1) {
		if ((p_public_key_x.size() != 48) \|\| (p_public_key_y.size() != 48)) {
		loggers::get_instance().error("ec_keys::ec_keys: Invalid public keys size");
		}
		}

		int result = init();
		if (result == -1) {
		loggers::get_instance().error("ec_keys::ec_keys: Unsupported elliptic_curve %d", _elliptic_curve);
		}
		::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_COMPRESSED);

		// TODO Sanity checks on key size

		// Set public key
		BIGNUM x;
		::BN_init(&x);
		@@ -96,16 +112,13 @@ ec_keys::ec_keys(const ec_elliptic_curves p_elliptic_curve, const std::vector<un
		ec_keys::~ec_keys() {
		loggers::get_instance().log(">>> ec_keys::~ec_keys");

		_pr_key.clear();
		_pu_key_x.clear();
		_pu_key_y.clear();

		if(_ec_key != nullptr) {
		::EC_KEY_free(_ec_key);
		}
		if (_bn_ctx != nullptr) {
		BN_CTX_free(_bn_ctx);
		}

		loggers::get_instance().log("<<< ec_keys::~ec_keys");
		} // End of Destructor

		@@ -162,7 +175,9 @@ int ec_keys::sign(const std::vector<unsigned char>& p_data, std::vector<unsigned
		if(_pr_key.size() == 0) { // No private key
		return -1;
		}
		// TODO Check data length
		if (p_data.size() == 0) {
		return -1;
		}

		ECDSA_SIG *signature = ::ECDSA_do_sign(p_data.data(), p_data.size(), _ec_key);
		if (signature == nullptr) {
		@@ -192,9 +207,9 @@ int ec_keys::sign_verif(const std::vector<unsigned char>& p_data, const std::vec
		loggers::get_instance().log(">>> ec_keys::sign_verif");

		// Sanity checks
		// TODO Check data length

		// Build the EC_POINT
		if (p_data.size() == 0) {
		return false;
		}

		// Build the signature
		BIGNUM r, s;
		@@ -205,6 +220,7 @@ int ec_keys::sign_verif(const std::vector<unsigned char>& p_data, const std::vec
		ECDSA_SIG *signature = ECDSA_SIG_new();
		signature->r = &r;
		signature->s = &s;
		// Check the signature
		int result = ::ECDSA_do_verify(p_data.data(), p_data.size(), signature, _ec_key);
		::ECDSA_SIG_free(signature);
		loggers::get_instance().log("ec_keys::sign_verif: %s", (result == 1) ? "succeed": "failed");
		@@ -215,7 +231,7 @@ const int ec_keys::init() {

		::ERR_load_crypto_strings();

		int result;
		int result = -1;
		switch (_elliptic_curve) { // TODO Group this cde into a private method
		case ec_elliptic_curves::nist_p_256: // Use the ANSI X9.62 Prime 256v1 curve
		result = ::OBJ_txt2nid("prime256v1");

Admin message