Commit 33e34487 authored by garciay's avatar garciay
Browse files

STF538: Start Encryption TPs implementation 

        Start Certificate generation script
parent ad9c6578

ccsrc/Externals/LibItsSecurity_externals.cc

+41 −5
Original line number Diff line number Diff line
@@ -251,11 +251,47 @@ namespace LibItsSecurity__Functions 
  

  

  OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__peerPublicKeyX, const OCTETSTRING& p__peerPublicKeyY, OCTETSTRING& p__publicEncKeyX, OCTETSTRING& p__publicEncKeyY, OCTETSTRING& p__ephKey, OCTETSTRING& p__tag, OCTETSTRING& p__nonce) {

    OCTETSTRING os;



    os = OCTETSTRING();

    p__nonce = OCTETSTRING();

    p__tag = OCTETSTRING();

    loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: ", p__toBeEncryptedSecuredMessage);

    loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: ", p__peerPublicKeyX);

    loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: ", p__publicEncKeyY);



    ec_keys ec(ec_elliptic_curves::nist_p_256);

    std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__peerPublicKeyX), p__peerPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__peerPublicKeyX));

    std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__publicEncKeyY), p__publicEncKeyY.lengthof() + static_cast<const unsigned char *>(p__publicEncKeyY));

    int unused = 0;

    if (ec.generate_ephemeral_key(

                                  encryption_algotithm::aes_128_ccm,

                                  peer_public_key_x,

                                  peer_public_key_y,

                                  unused) != 0) {

      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate sender's ephemeral key");

      return OCTETSTRING();

    }

    std::vector<unsigned char> enc_eph_key;

    if (ec.encrypt_ephemeral_key(ec.ephemeral_key(), enc_eph_key) != 0) {

      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to encrypt generated sender's ephemeral key");

      return OCTETSTRING();

    }

    p__ephKey = OCTETSTRING(enc_eph_key.size(), enc_eph_key.data());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__ephKey: ", ec.ephemeral_key().data(), ec.ephemeral_key().size());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: Encrypted p__ephKey: ", p__ephKey);

    p__publicEncKeyX = OCTETSTRING(ec.encryption_key_x().size(), ec.encryption_key_x().data());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__publicEncKeyX: ", p__publicEncKeyX);

    p__publicEncKeyY = OCTETSTRING(ec.encryption_key_y().size(), ec.encryption_key_y().data());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__publicEncKeyY: ", p__publicEncKeyY);



    std::vector<unsigned char> message(static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage), p__toBeEncryptedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeEncryptedSecuredMessage));

    std::vector<unsigned char> enc_message;

    if (ec.encrypt(message, enc_message) == -1) {

      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to encrypt message");

      return OCTETSTRING();

    }

    OCTETSTRING os(enc_message.size(), enc_message.data());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc message: ", os);

    p__nonce = OCTETSTRING(ec.nonce().size(), ec.nonce().data());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);

    p__tag = OCTETSTRING(ec.tag().size(), ec.tag().data());

    loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: p__tag: ", p__tag);

    return os;

  }

ccsrc/Framework/LayerFactory.hh

+3 −1
Original line number Diff line number Diff line
@@ -56,7 +56,9 @@ public: //! \publicsection 
   *       beaconing              : Set to 1 if GnLayer shall start beaconing

   *       Beaconing timer expiry : expiry (ms)

   *       device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU

   *       secured_mode           : Set to 1 if message exchanges shall be secured

   *       secured_mode           : Set to 1 if message exchanges shall be signed

   *       encrypted_mode         : Set to 1 if message exchanges shall be encrypted

   *                                NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1

   *       certificate            : Certificate identifier the Test Adapter shall use

   *       secure_db_path         : Path to the certificates and keys storage location

   *       hash                   : Hash algorithm to be used when secured mode is set

ccsrc/Framework/Params.hh

+1 −1
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ public: //! \publicsection 
  static const std::string& certificate;           //! The certificate identifier the Test System shall use. E.g. CERT_TS_A

  static const std::string& hash;                  //! The digest algorithm the Test System shall use, authorised values are SHA-256 or SHA-384. Default: SHA-256

  static const std::string& signature;             //! The signature algorithm the Test System shall use, authorised values are NISTP-256, BP-256 and BP-384. Default: NISTP-256

  static const std::string& cypher;

  static const std::string& cypher;                //! The encryption algorithm the Test System shall use, authorised values are NISTP-256 and BP-256. Default: NISTP-256

  static const std::string& distanceA;             //! Test system GeoNetworking DistanceA parameter name

  static const std::string& distanceB;             //! Test system GeoNetworking DistanceB parameter name

  static const std::string& angle;                 //! Test system GeoNetworking Angle parameter name

ccsrc/Protocols/Security/ec_keys.cc

+105 −6
Original line number Diff line number Diff line
@@ -179,7 +179,7 @@ int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, 


  // Sanity checks

  if ((_pub_key_x.size() != 0) || (_pub_key_y.size() != 0)) {

    printf("ec_keys::generate_ephemeral_key: Constrictor format #1 shall be used");

    loggers::get_instance().warning("ec_keys::generate_ephemeral_key: Constrictor format #1 shall be used");

    return -1;

  }

  p_unused = 0;
@@ -189,7 +189,6 @@ int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, 
  // Set buffers size

  int len = (EC_GROUP_get_degree(_ec_group) + 7) / 8;

  _eph_key.resize(len);

  printf("ec_keys::generate_ephemeral_key: ephemeral_ec_key_len=%d\n", _eph_key.size());



  // Convert the public keys (X,Y) into EC_POINT data structure

  EC_POINT *ec_point = nullptr;
@@ -211,12 +210,12 @@ int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, 
  return 0;

}



int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_public_enc_key_x, const std::vector<unsigned char>& p_public_enc_key_y) { // TODO Change it into ctor

int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_public_enc_key_x, const std::vector<unsigned char>& p_public_enc_key_y) {

  loggers::get_instance().log(">>> ec_keys::generate_ephemeral_key (2)");



  // Sanity checks

  if (_pri_key.size() == 0) {

    printf("ec_keys::generate_ephemeral_key: Constrictor format #2 shall be used");

    loggers::get_instance().warning("ec_keys::generate_ephemeral_key: Constrictor format #2 shall be used");

    return -1;

  }

  _encryption_algotithm = p_enc_algorithm;
@@ -224,7 +223,6 @@ int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, 
  // Set buffers size

  int len = (EC_GROUP_get_degree(_ec_group) + 7) / 8;

  _eph_key.resize(len);

  printf("ec_keys::generate_ephemeral_key: ephemeral_ec_key_len=%d\n", _eph_key.size());

  // Convert the peer public encryption key to an EC point

  EC_POINT *ec_point = nullptr;

  bin_to_ec_point(p_public_enc_key_x, p_public_enc_key_y, &ec_point);
@@ -239,6 +237,107 @@ int ec_keys::generate_ephemeral_key(const encryption_algotithm p_enc_algorithm, 
  return 0;

}



int ec_keys::encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message) {

  loggers::get_instance().log(">>> ec_keys::encrypt: %d", p_enc_algorithm);



  // Sanity checks

  if ((_pub_key_x.size() != 0) || (_pub_key_y.size() != 0)) {

    loggers::get_instance().warning("ec_keys::encrypt: Constructor format #1 shall be used");

    return -1;

  }

  _encryption_algotithm = p_enc_algorithm;

  

  // Initialize the context and encryption operation

  EVP_CIPHER_CTX *ctx = ::EVP_CIPHER_CTX_new();

  switch (_encryption_algotithm) {

  case encryption_algotithm::aes_128_ccm:

    ::EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL);

    // Allocate buffers size

    _nonce.resize(12);

    _tag.resize(16);

    _eph_key.resize(16);

    p_enc_message.resize(p_message.size());

    break;

  case encryption_algotithm::aes_256_ccm:

    ::EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL);

    break;

  case encryption_algotithm::aes_128_gcm:

    ::EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);

    break;

  case encryption_algotithm::aes_256_gcm:

    ::EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);

    break;

  } // End of 'switch' statement

  // Generate _eph_key

  ::RAND_pseudo_bytes(_eph_key.data(), _eph_key.size());

  loggers::get_instance().log_to_hexa("ec_keys::encrypt: _eph_key: ", _eph_key.data(), _eph_key.size());

  // Generate _nonce

  ::RAND_pseudo_bytes(_nonce.data(), _nonce.size());

  loggers::get_instance().log_to_hexa("ec_keys::encrypt: nonce: ", _nonce.data(), _nonce.size());

  // Set nonce length

  ::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);

  // Set tag length

  ::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.size(), NULL);

  // Prime the key and nonce

  ::EVP_EncryptInit_ex(ctx, NULL, NULL, _eph_key.data(), _nonce.data());

  // No authentication data

  // Encrypt the data

  int len = 0;

  ::EVP_EncryptUpdate(ctx, p_enc_message.data(), &len, p_message.data(), p_message.size());

  // Finalize the encryption session

  ::EVP_EncryptFinal_ex(ctx, p_enc_message.data() + len, &len);

  // Get the authentication tag

  ::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, _tag.size(), _tag.data());

  loggers::get_instance().log_to_hexa("ec_keys::encrypt: tag: ", _tag.data(), _tag.size());



  ::EVP_CIPHER_CTX_free(ctx);

  

  return 0;

}



int ec_keys::decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message) {

  loggers::get_instance().log(">>> ec_keys::decrypt");



  // Sanity checks

  if ((_pri_key.size() == 0) || (_eph_key.size() == 0)) {

    loggers::get_instance().warning("ec_keys::decrypt: Constrictor format #2 shall be used");

    return -1;

  }

  _encryption_algotithm = p_enc_algorithm;

  _eph_key = p_key;

  _nonce = p_nonce;

  _tag = p_tag;

  

  // Initialize the context and decryption operation

  EVP_CIPHER_CTX *ctx = ::EVP_CIPHER_CTX_new();

  switch (_encryption_algotithm) {

  case encryption_algotithm::aes_128_ccm:

    ::EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL);

    break;

  case encryption_algotithm::aes_256_ccm:

    ::EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL);

    break;

  case encryption_algotithm::aes_128_gcm:

    ::EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);

    break;

  case encryption_algotithm::aes_256_gcm:

    ::EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);

    break;

  } // End of 'switch' statement

  // Set nonce length

  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);

  // Set expected tag value

  EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, _tag.size(), _tag.data());

  // Specify key and IV

  EVP_DecryptInit_ex(ctx, NULL, NULL, _eph_key.data(), _nonce.data());

  // Decrypt plaintext, verify tag: can only be called once

  p_message.resize(p_enc_message.size());

  int len = 0;

  int result = EVP_DecryptUpdate(ctx, p_message.data(), &len, p_enc_message.data(), p_enc_message.size());

  ::EVP_CIPHER_CTX_free(ctx);

  

  return (result > 0) ? 0 : -1;

}

int ec_keys::encrypt(const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message) {

  loggers::get_instance().log(">>> ec_keys::encrypt");
@@ -295,7 +394,7 @@ int ec_keys::decrypt(const std::vector<unsigned char>& p_nonce, const std::vecto 


  // Sanity checks

  if ((_pri_key.size() == 0) || (_eph_key.size() == 0)) {

    printf("ec_keys::decrypt: Constrictor format #2 shall be used");

    loggers::get_instance().warning("ec_keys::decrypt: Constrictor format #2 shall be used");

    return -1;

  }

  _nonce = p_nonce;

ccsrc/Protocols/Security/ec_keys.hh

+27 −0
Original line number Diff line number Diff line
@@ -109,6 +109,33 @@ public: 
  int encrypt_ephemeral_key(const std::vector<unsigned char>& p_eph_key, std::vector<unsigned char>& p_enc_eph_key) { p_enc_eph_key = p_eph_key; return 0; }; // FIXME

  int decrypt_ephemeral_key(const std::vector<unsigned char>& p_enc_eph_key, std::vector<unsigned char>& p_eph_key) { p_eph_key = p_enc_eph_key; return 0; }; // FIXME



  /*!

   * \fn int encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);

   * \brief Encryption using the specified algorithm.

   * \param[in] p_enc_algorithm The algorithm to use for the encryption

   * \param[in] p_message The message to be encrypted

   * \param[out] p_enc_message The encrypted message

   * \remark To get the generated ephemeral key, uses \see ephemeral_key method

   * \remark To get the generated nonce vector, uses \see nonce method

   * \remark To get the generated tag, uses \see tag method

   * \return 0 on success, -1 otherwise

   */ 

  int encrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);

  /*!

   * \fn int decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);

   * \brief Decryption using the specified algorithm.

   * \param[in] p_enc_algorithm The algorithm to use for the decryption

   * \param[in] p_nonce The algorithm to use for the encryption

   * \param[in] p_tag The algorithm to use for the encryption

   * \param[in] p_enc_message The message to be decrypted

   * \param[out] p_message The decrypted message

   * \remark To get the generated ephemeral key, uses \see ephemeral_key method

   * \remark To get the generated nonce vector, uses \see nonce method

   * \remark To get the generated tag, uses \see tag method

   * \return 0 on success, -1 otherwise

   */ 

  int decrypt(const encryption_algotithm p_enc_algorithm, const std::vector<unsigned char>& p_key, const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);

  

  int encrypt(const std::vector<unsigned char>& p_message, std::vector<unsigned char>& p_enc_message);

  int decrypt(const std::vector<unsigned char>& p_nonce, const std::vector<unsigned char>& p_tag, const std::vector<unsigned char>& p_enc_message, std::vector<unsigned char>& p_message);