Loading .TITAN_properties +1 −2 Original line number Diff line number Diff line Loading @@ -22,7 +22,6 @@ <preprocessorIncludes> <listItem>./bin</listItem> <listItem>./src/bin</listItem> <listItem>./src/bin/asn1</listItem> <listItem>C:\ProgramFiles\OpenSSL-Win64\include</listItem> <listItem>C:\npcap-sdk-0.1\Include</listItem> <listItem>/Users/yann/Documents/wireshark/cygwin64/usr/lib/gcc/x86_64-pc-cygwin/7.3.0/include/c++</listItem> Loading @@ -30,8 +29,8 @@ <disableJSON>true</disableJSON> <includeSourceInfo>true</includeSourceInfo> <addSourceLineInfo>true</addSourceLineInfo> <enableLegacyEncoding>true</enableLegacyEncoding> <activateDebugger>true</activateDebugger> <enableLegacyEncoding>true</enableLegacyEncoding> <otherOptimizationFlags>-std=c++11</otherOptimizationFlags> <additionalObjects> <listItem>./src/bin/asn1/libItsAsn.so</listItem> Loading tools/itssecurity/.vs/itssecurity/v16/.suo (65.5 KiB) File changed.No diff preview for this file type. View original file View changed file tools/itssecurity/.vs/itssecurity/v16/Browse.VC.db −8.86 MiB (35.9 MiB) File changed.No diff preview for this file type. View original file View changed file tools/itssecurity/.vs/itssecurity/v16/Solution.VC.db +96 KiB (1.05 MiB) File changed.No diff preview for this file type. View original file View changed file tools/itssecurity/lib_its_security/lib_its_security.c +75 −21 Original line number Diff line number Diff line Loading @@ -165,6 +165,10 @@ int32_t sign_verify( const uint8_t* p_sig_s, const size_t p_sig_length ) { show_hex((const int8_t*)">>> sign_verify: p_data", p_data, p_data_length); show_hex((const int8_t*)">>> sign_verify: p_sig_r", p_sig_r, p_sig_length); show_hex((const int8_t*)">>> sign_verify: p_sig_s", p_sig_s, p_sig_length); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_data == NULL) || (p_sig_r == NULL) || (p_sig_s == NULL)) { return -1; Loading @@ -177,6 +181,7 @@ int32_t sign_verify( ECDSA_SIG_set0(signature, r, s); // Check the signature int32_t result = ECDSA_do_verify(p_data, p_data_length, signature, p_lib_its_security_context->ec_key); fprintf(stderr, "sign_verify: result=%d\n", result); ECDSA_SIG_free(signature); return (result == 1) ? 0 : -1; Loading Loading @@ -382,7 +387,7 @@ int32_t generate_and_derive_ephemeral_key_for_encryption( uint8_t* k2 = (uint8_t*)malloc(k2_length); memcpy((void*)k2, (const void*)(k_enc + digest), k2_length); show_hex((const int8_t*)"k2", k2, k2_length); hmac_sha256(p_ecdh_private_key->enc_sym_key, p_ecdh_private_key->sym_key_length, k2, k2_length, &p_ecdh_private_key->tag); hmac_sha256(k2, k2_length, p_ecdh_private_key->enc_sym_key, p_ecdh_private_key->sym_key_length, &p_ecdh_private_key->tag); show_hex((const int8_t*)"tag", p_ecdh_private_key->tag, p_ecdh_private_key->tag_length); /* Generate random IV (nonce) */ Loading Loading @@ -486,7 +491,7 @@ int32_t generate_and_derive_ephemeral_key_for_decryption( uint8_t* k2 = (uint8_t*)malloc(k2_length); memcpy((void*)k2, (const void*)(k_enc + digest), k2_length); show_hex((const int8_t*)"k2", k2, k2_length); hmac_sha256(p_lib_its_security_context->enc_sym_key, p_lib_its_security_context->sym_key_length, k2, k2_length, &p_lib_its_security_context->tag); hmac_sha256(k2, k2_length, p_lib_its_security_context->enc_sym_key, p_lib_its_security_context->sym_key_length, &p_lib_its_security_context->tag); show_hex((const int8_t*)"authentication vector", p_lib_its_security_context->tag, p_lib_its_security_context->tag_length); /* Extract K1 and generate encrypted symmetric key */ Loading Loading @@ -822,6 +827,9 @@ int32_t hmac_sha256( return -1; } show_hex((const int8_t*)">>> hmac_sha256: p_secret_key", p_secret_key, p_secret_key_length); show_hex((const int8_t*)">>> hmac_sha256: p_message", p_message, p_message_length); uint32_t length = 64; uint8_t* hmac = (uint8_t*)malloc(length); HMAC_CTX *ctx = HMAC_CTX_new(); Loading @@ -834,6 +842,7 @@ int32_t hmac_sha256( *p_hmac = (uint8_t*)malloc(16); memcpy((void*)*p_hmac, (const void*)hmac, 16); free(hmac); show_hex((const int8_t*)"<<< hmac_sha256: p_message", *p_hmac, 16); return 0; } Loading @@ -845,18 +854,20 @@ int32_t prepare_data_to_be_verify( const uint8_t* p_certificate_issuer, uint8_t** p_hashed_data ) { show_hex((const int8_t*)">>> prepare_data_to_be_verify: p_data", p_data, p_data_length); // Calculate the SHA of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) ) uint8_t* hashed_data1; // Hash (Data input) int32_t result; if (p_lib_its_security_context->elliptic_curve == brainpool_p_384_r1) { result = hash_with_sha384(p_data, p_data_length, &hashed_data1); } else { result = hash_with_sha256(p_data, p_data_length, &hashed_data1); result = hash_with_sha256(p_data, p_data_length, &hashed_data1); // Hash (Data input) } if (result == -1) { return -1; } uint8_t* hashed_data2; // Hash (Signer identifier input) show_hex((const int8_t*)"prepare_data_to_be_verify: hashed_data1", hashed_data1, p_lib_its_security_context->key_length); // Check if issuer is '00...00'O vector bool foundNonZero = false; for (int i = 0; i < 32; i++) { Loading @@ -865,7 +876,10 @@ int32_t prepare_data_to_be_verify( break; } } fprintf(stderr, "prepare_data_to_be_verify: foundNonZero=%d\n", foundNonZero); uint8_t* hashed_data2; // Hash (Signer identifier input) if (foundNonZero) { // p_certificate_issuer is already the hashed id hashed_data2 = (uint8_t*)malloc(p_lib_its_security_context->key_length); memcpy((void*)hashed_data2, (const void*)p_certificate_issuer, p_lib_its_security_context->key_length); result = 0; Loading @@ -881,14 +895,17 @@ int32_t prepare_data_to_be_verify( free(hashed_data2); return -1; } show_hex((const int8_t*)"prepare_data_to_be_verify: hashed_data2", hashed_data2, p_lib_its_security_context->key_length); uint8_t* hash_data_buffer = (uint8_t*)malloc(2 * p_lib_its_security_context->key_length); // Hash (Data input) || Hash (Signer identifier input) memcpy((void*)hash_data_buffer, (const void*)hashed_data1, p_lib_its_security_context->key_length); memcpy((void*)(hash_data_buffer + p_lib_its_security_context->key_length), (const void*)hashed_data2, p_lib_its_security_context->key_length); show_hex((const int8_t*)"prepare_data_to_be_verify: hash_data_buffer", hash_data_buffer, 2 * p_lib_its_security_context->key_length); if (p_lib_its_security_context->elliptic_curve == brainpool_p_384_r1) { result = hash_with_sha384(hash_data_buffer, 2 * p_lib_its_security_context->key_length, p_hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) ) } else { result = hash_with_sha256(hash_data_buffer, 2 * p_lib_its_security_context->key_length, p_hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) ) } show_hex((const int8_t*)"prepare_data_to_be_verify: p_hashed_data", *p_hashed_data, p_lib_its_security_context->key_length); free(hashed_data1); free(hashed_data2); free(hash_data_buffer); Loading @@ -904,6 +921,10 @@ int32_t generic_signature( const uint8_t* p_private_key, uint8_t** p_signature ) { show_hex((const int8_t*)">>> generic_signature: p_to_be_signed_secured_message", p_to_be_signed_secured_message, p_to_be_signed_secured_message_length); show_hex((const int8_t*)">>> generic_signature: p_certificate_issuer", p_certificate_issuer, p_lib_its_security_context->key_length); show_hex((const int8_t*)">>> generic_signature: p_private_key", p_private_key, p_lib_its_security_context->key_length); uint8_t* hashed_data; if (prepare_data_to_be_verify(p_lib_its_security_context, p_to_be_signed_secured_message, p_to_be_signed_secured_message_length, p_certificate_issuer, &hashed_data) == -1) { return -1; Loading @@ -919,6 +940,8 @@ int32_t generic_signature( } free(hashed_data); // Copy the signature show_hex((const int8_t*)"generic_signature: r_sig", r_sig, p_lib_its_security_context->key_length); show_hex((const int8_t*)"generic_signature: s_sig", s_sig, p_lib_its_security_context->key_length); *p_signature = (uint8_t*)malloc(2 * p_lib_its_security_context->key_length); // r_sig || s_sig memcpy((void*)*p_signature, (const void*)r_sig, p_lib_its_security_context->key_length); memcpy((void*)(*p_signature + p_lib_its_security_context->key_length), (const void*)s_sig, p_lib_its_security_context->key_length); Loading @@ -942,11 +965,14 @@ int32_t generic_verify( if (prepare_data_to_be_verify(p_lib_its_security_context, p_to_be_verified_data, p_to_be_verified_data_length, p_certificate_issuer, &hashed_data) == -1) { return -1; } show_hex((const int8_t*)"generic_verify: p_data", hashed_data, p_lib_its_security_context->key_length); uint8_t* sig_r = (uint8_t*)malloc(p_lib_its_security_context->key_length); memcpy((void*)sig_r, (const void*)p_signature, p_lib_its_security_context->key_length); show_hex((const int8_t*)"generic_verify: sig_r", sig_r, p_lib_its_security_context->key_length); uint8_t* sig_s = (uint8_t*)malloc(p_lib_its_security_context->key_length); memcpy((void*)sig_s, (const void*)(p_signature + p_lib_its_security_context->key_length), p_lib_its_security_context->key_length); show_hex((const int8_t*)"generic_verify: sig_s", sig_s, p_lib_its_security_context->key_length); if (sign_verify(p_lib_its_security_context, hashed_data, p_lib_its_security_context->key_length, sig_r, sig_s, p_lib_its_security_context->key_length) == -1) { free(sig_r); free(sig_s); Loading @@ -961,7 +987,7 @@ int32_t generic_verify( } int32_t sign_with_ecdsa_nistp256_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_private_key const uint8_t* p_to_be_signed_secured_message, const size_t p_to_be_signed_secured_message_length, const uint8_t* p_certificate_issuer, Loading @@ -973,6 +999,10 @@ int32_t sign_with_ecdsa_nistp256_with_sha256( return -1; } show_hex((const int8_t*)">>> sign_with_ecdsa_nistp256_with_sha256: p_data", p_to_be_signed_secured_message, p_to_be_signed_secured_message_length); show_hex((const int8_t*)">>> sign_with_ecdsa_nistp256_with_sha256: p_certificate_issuer", p_certificate_issuer, p_lib_its_security_context->key_length); show_hex((const int8_t*)">>> sign_with_ecdsa_nistp256_with_sha256: p_private_key", p_private_key, p_lib_its_security_context->key_length); lib_its_security_context_t* lib_its_security_context; if (initialize_with_private_key(nist_p_256, p_private_key, &lib_its_security_context) == -1){ return -1; Loading @@ -985,7 +1015,7 @@ int32_t sign_with_ecdsa_nistp256_with_sha256( } int32_t sign_with_ecdsa_brainpoolp256r1_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_private_key const uint8_t* p_to_be_signed_secured_message, const size_t p_to_be_signed_secured_message_length, const uint8_t* p_certificate_issuer, Loading @@ -1009,7 +1039,7 @@ int32_t sign_with_ecdsa_brainpoolp256r1_with_sha256( } int32_t sign_with_ecdsa_brainpoolp384r1_with_sha384( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_private_key const uint8_t* p_to_be_signed_secured_message, const size_t p_to_be_signed_secured_message_length, const uint8_t* p_certificate_issuer, Loading @@ -1033,7 +1063,7 @@ int32_t sign_with_ecdsa_brainpoolp384r1_with_sha384( } int32_t verify_with_ecdsa_nistp256_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsa_nistp256_publicKey_compressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_certificate_issuer, Loading @@ -1041,6 +1071,9 @@ int32_t verify_with_ecdsa_nistp256_with_sha256( const uint8_t* p_ecdsa_nistp256_publicKey_compressed, const ecc_compressed_mode_t p_compressed_mode ) { show_hex((const int8_t*)">>> verify_with_ecdsa_nistp256_with_sha256: p_to_be_verified_data=", p_to_be_verified_data, p_to_be_verified_data_length); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_to_be_verified_data == NULL) || (p_signature == NULL) || (p_ecdsa_nistp256_publicKey_compressed == NULL)) { return -1; Loading @@ -1058,7 +1091,7 @@ int32_t verify_with_ecdsa_nistp256_with_sha256( } int32_t verify_with_ecdsa_nistp256_with_sha256_raw( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsa_nistp256_publicKey_compressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_signature, Loading @@ -1067,7 +1100,7 @@ int32_t verify_with_ecdsa_nistp256_with_sha256_raw( ) { return -1; } int32_t verify_with_ecdsa_brainpoolp256r1_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsaBrainpoolp256PublicKeyCompressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_certificate_issuer, Loading @@ -1075,6 +1108,11 @@ int32_t verify_with_ecdsa_brainpoolp256r1_with_sha256( const uint8_t* p_ecdsaBrainpoolp256PublicKeyCompressed, const ecc_compressed_mode_t p_compressed_mode ) { show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_to_be_verified_data=", p_to_be_verified_data, p_to_be_verified_data_length); show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_certificate_issuer=", p_certificate_issuer, 32); show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_signature=", p_signature, 64); show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_ecdsaBrainpoolp256PublicKeyCompressed=", p_ecdsaBrainpoolp256PublicKeyCompressed, 32); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_to_be_verified_data == NULL) || (p_signature == NULL) || (p_ecdsaBrainpoolp256PublicKeyCompressed == NULL)) { return -1; Loading @@ -1092,7 +1130,7 @@ int32_t verify_with_ecdsa_brainpoolp256r1_with_sha256( } int32_t verify_with_ecdsa_brainpoolp384r1_with_sha384( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsaBrainpoolp384PublicKeyCompressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_certificate_issuer, Loading @@ -1100,6 +1138,8 @@ int32_t verify_with_ecdsa_brainpoolp384r1_with_sha384( const uint8_t* p_ecdsaBrainpoolp384PublicKeyCompressed, const ecc_compressed_mode_t p_compressed_mode ) { show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp384r1_with_sha384: p_to_be_verified_data=", p_to_be_verified_data, p_to_be_verified_data_length); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_to_be_verified_data == NULL) || (p_signature == NULL) || (p_ecdsaBrainpoolp384PublicKeyCompressed == NULL)) { return -1; Loading Loading @@ -1133,6 +1173,9 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( uint8_t** p_encrypted_secured_message, size_t* p_encrypted_secured_message_length ) { show_hex((const int8_t*)">>> encrypt_with_ecies_nistp256_with_sha256: p_to_be_encrypted_secured_message=", p_to_be_encrypted_secured_message, p_to_be_encrypted_secured_message_length); show_hex((const int8_t*)">>> encrypt_with_ecies_nistp256_with_sha256: p_recipients_public_key_compressed=", p_recipients_public_key_compressed, 32); show_hex((const int8_t*)">>> encrypt_with_ecies_nistp256_with_sha256: p_salt=", p_salt, p_salt_length); /* Sanity checks */ lib_its_security_context_t* lib_its_security_context = NULL; Loading @@ -1147,6 +1190,7 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( if (result == -1) { goto end; } show_hex((const int8_t*)"encrypt_with_ecies_nistp256_with_sha256: Ephemeral key compressed=", lib_its_security_context->public_key_c, lib_its_security_context->key_length); /* 2. Generate and derive shared secret based on recipient's public keys */ result = initialize_with_public_key(nist_p_256, p_recipients_public_key_compressed, p_compressed_mode, &lib_its_security_context_comp); Loading Loading @@ -1192,6 +1236,8 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( *p_encrypted_secured_message = (uint8_t*)realloc((void*)*p_encrypted_secured_message, *p_encrypted_secured_message_length + lib_its_security_context->tag_length); memcpy((void*)(*p_encrypted_secured_message + *p_encrypted_secured_message_length), (const void*)lib_its_security_context->tag, lib_its_security_context->tag_length); *p_encrypted_secured_message_length += lib_its_security_context->tag_length; fprintf(stderr, "p_encrypted_secured_message_length = %ld\n", *p_encrypted_secured_message_length); show_hex((const int8_t*)"p_encrypted_secured_message", *p_encrypted_secured_message, *p_encrypted_secured_message_length); result = 0; end: Loading Loading @@ -1483,6 +1529,11 @@ int32_t decrypt( uint8_t** p_plain_text_message, size_t* p_plain_text_message_length ) { show_hex((const int8_t*)">>> decrypt: p_cipher_message", p_cipher_message, p_cipher_message_length); show_hex((const int8_t*)">>> decrypt: sym_key", p_lib_its_security_context->sym_key, p_lib_its_security_context->sym_key_length); show_hex((const int8_t*)">>> decrypt: nonce", p_lib_its_security_context->nonce, p_lib_its_security_context->nonce_length); show_hex((const int8_t*)">>> decrypt: tag", p_lib_its_security_context->tag, p_lib_its_security_context->tag_length); /* Sanity checks */ if ((p_lib_its_security_context == NULL) || (p_lib_its_security_context->sym_key == NULL) || (p_lib_its_security_context->nonce == NULL) || (p_cipher_message == NULL) || (p_plain_text_message == NULL)) { return -1; Loading Loading @@ -1516,11 +1567,14 @@ int32_t decrypt( int len = 0; int result = EVP_DecryptUpdate(ctx, *p_plain_text_message, &len, p_cipher_message, p_cipher_message_length); EVP_CIPHER_CTX_free(ctx); show_hex((const int8_t*)"decrypt: *p_plain_text_message", *p_plain_text_message, *p_plain_text_message_length); fprintf(stderr, "decrypt: result=%d\n", result); if (result != 1) { free(*p_plain_text_message); *p_plain_text_message = NULL; } fprintf(stderr, "<<< decrypt: result=%d\n", (result > 0) ? 0 : -1); return (result > 0) ? 0 : -1; } Loading Loading
.TITAN_properties +1 −2 Original line number Diff line number Diff line Loading @@ -22,7 +22,6 @@ <preprocessorIncludes> <listItem>./bin</listItem> <listItem>./src/bin</listItem> <listItem>./src/bin/asn1</listItem> <listItem>C:\ProgramFiles\OpenSSL-Win64\include</listItem> <listItem>C:\npcap-sdk-0.1\Include</listItem> <listItem>/Users/yann/Documents/wireshark/cygwin64/usr/lib/gcc/x86_64-pc-cygwin/7.3.0/include/c++</listItem> Loading @@ -30,8 +29,8 @@ <disableJSON>true</disableJSON> <includeSourceInfo>true</includeSourceInfo> <addSourceLineInfo>true</addSourceLineInfo> <enableLegacyEncoding>true</enableLegacyEncoding> <activateDebugger>true</activateDebugger> <enableLegacyEncoding>true</enableLegacyEncoding> <otherOptimizationFlags>-std=c++11</otherOptimizationFlags> <additionalObjects> <listItem>./src/bin/asn1/libItsAsn.so</listItem> Loading
tools/itssecurity/.vs/itssecurity/v16/.suo (65.5 KiB) File changed.No diff preview for this file type. View original file View changed file
tools/itssecurity/.vs/itssecurity/v16/Browse.VC.db −8.86 MiB (35.9 MiB) File changed.No diff preview for this file type. View original file View changed file
tools/itssecurity/.vs/itssecurity/v16/Solution.VC.db +96 KiB (1.05 MiB) File changed.No diff preview for this file type. View original file View changed file
tools/itssecurity/lib_its_security/lib_its_security.c +75 −21 Original line number Diff line number Diff line Loading @@ -165,6 +165,10 @@ int32_t sign_verify( const uint8_t* p_sig_s, const size_t p_sig_length ) { show_hex((const int8_t*)">>> sign_verify: p_data", p_data, p_data_length); show_hex((const int8_t*)">>> sign_verify: p_sig_r", p_sig_r, p_sig_length); show_hex((const int8_t*)">>> sign_verify: p_sig_s", p_sig_s, p_sig_length); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_data == NULL) || (p_sig_r == NULL) || (p_sig_s == NULL)) { return -1; Loading @@ -177,6 +181,7 @@ int32_t sign_verify( ECDSA_SIG_set0(signature, r, s); // Check the signature int32_t result = ECDSA_do_verify(p_data, p_data_length, signature, p_lib_its_security_context->ec_key); fprintf(stderr, "sign_verify: result=%d\n", result); ECDSA_SIG_free(signature); return (result == 1) ? 0 : -1; Loading Loading @@ -382,7 +387,7 @@ int32_t generate_and_derive_ephemeral_key_for_encryption( uint8_t* k2 = (uint8_t*)malloc(k2_length); memcpy((void*)k2, (const void*)(k_enc + digest), k2_length); show_hex((const int8_t*)"k2", k2, k2_length); hmac_sha256(p_ecdh_private_key->enc_sym_key, p_ecdh_private_key->sym_key_length, k2, k2_length, &p_ecdh_private_key->tag); hmac_sha256(k2, k2_length, p_ecdh_private_key->enc_sym_key, p_ecdh_private_key->sym_key_length, &p_ecdh_private_key->tag); show_hex((const int8_t*)"tag", p_ecdh_private_key->tag, p_ecdh_private_key->tag_length); /* Generate random IV (nonce) */ Loading Loading @@ -486,7 +491,7 @@ int32_t generate_and_derive_ephemeral_key_for_decryption( uint8_t* k2 = (uint8_t*)malloc(k2_length); memcpy((void*)k2, (const void*)(k_enc + digest), k2_length); show_hex((const int8_t*)"k2", k2, k2_length); hmac_sha256(p_lib_its_security_context->enc_sym_key, p_lib_its_security_context->sym_key_length, k2, k2_length, &p_lib_its_security_context->tag); hmac_sha256(k2, k2_length, p_lib_its_security_context->enc_sym_key, p_lib_its_security_context->sym_key_length, &p_lib_its_security_context->tag); show_hex((const int8_t*)"authentication vector", p_lib_its_security_context->tag, p_lib_its_security_context->tag_length); /* Extract K1 and generate encrypted symmetric key */ Loading Loading @@ -822,6 +827,9 @@ int32_t hmac_sha256( return -1; } show_hex((const int8_t*)">>> hmac_sha256: p_secret_key", p_secret_key, p_secret_key_length); show_hex((const int8_t*)">>> hmac_sha256: p_message", p_message, p_message_length); uint32_t length = 64; uint8_t* hmac = (uint8_t*)malloc(length); HMAC_CTX *ctx = HMAC_CTX_new(); Loading @@ -834,6 +842,7 @@ int32_t hmac_sha256( *p_hmac = (uint8_t*)malloc(16); memcpy((void*)*p_hmac, (const void*)hmac, 16); free(hmac); show_hex((const int8_t*)"<<< hmac_sha256: p_message", *p_hmac, 16); return 0; } Loading @@ -845,18 +854,20 @@ int32_t prepare_data_to_be_verify( const uint8_t* p_certificate_issuer, uint8_t** p_hashed_data ) { show_hex((const int8_t*)">>> prepare_data_to_be_verify: p_data", p_data, p_data_length); // Calculate the SHA of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) ) uint8_t* hashed_data1; // Hash (Data input) int32_t result; if (p_lib_its_security_context->elliptic_curve == brainpool_p_384_r1) { result = hash_with_sha384(p_data, p_data_length, &hashed_data1); } else { result = hash_with_sha256(p_data, p_data_length, &hashed_data1); result = hash_with_sha256(p_data, p_data_length, &hashed_data1); // Hash (Data input) } if (result == -1) { return -1; } uint8_t* hashed_data2; // Hash (Signer identifier input) show_hex((const int8_t*)"prepare_data_to_be_verify: hashed_data1", hashed_data1, p_lib_its_security_context->key_length); // Check if issuer is '00...00'O vector bool foundNonZero = false; for (int i = 0; i < 32; i++) { Loading @@ -865,7 +876,10 @@ int32_t prepare_data_to_be_verify( break; } } fprintf(stderr, "prepare_data_to_be_verify: foundNonZero=%d\n", foundNonZero); uint8_t* hashed_data2; // Hash (Signer identifier input) if (foundNonZero) { // p_certificate_issuer is already the hashed id hashed_data2 = (uint8_t*)malloc(p_lib_its_security_context->key_length); memcpy((void*)hashed_data2, (const void*)p_certificate_issuer, p_lib_its_security_context->key_length); result = 0; Loading @@ -881,14 +895,17 @@ int32_t prepare_data_to_be_verify( free(hashed_data2); return -1; } show_hex((const int8_t*)"prepare_data_to_be_verify: hashed_data2", hashed_data2, p_lib_its_security_context->key_length); uint8_t* hash_data_buffer = (uint8_t*)malloc(2 * p_lib_its_security_context->key_length); // Hash (Data input) || Hash (Signer identifier input) memcpy((void*)hash_data_buffer, (const void*)hashed_data1, p_lib_its_security_context->key_length); memcpy((void*)(hash_data_buffer + p_lib_its_security_context->key_length), (const void*)hashed_data2, p_lib_its_security_context->key_length); show_hex((const int8_t*)"prepare_data_to_be_verify: hash_data_buffer", hash_data_buffer, 2 * p_lib_its_security_context->key_length); if (p_lib_its_security_context->elliptic_curve == brainpool_p_384_r1) { result = hash_with_sha384(hash_data_buffer, 2 * p_lib_its_security_context->key_length, p_hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) ) } else { result = hash_with_sha256(hash_data_buffer, 2 * p_lib_its_security_context->key_length, p_hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) ) } show_hex((const int8_t*)"prepare_data_to_be_verify: p_hashed_data", *p_hashed_data, p_lib_its_security_context->key_length); free(hashed_data1); free(hashed_data2); free(hash_data_buffer); Loading @@ -904,6 +921,10 @@ int32_t generic_signature( const uint8_t* p_private_key, uint8_t** p_signature ) { show_hex((const int8_t*)">>> generic_signature: p_to_be_signed_secured_message", p_to_be_signed_secured_message, p_to_be_signed_secured_message_length); show_hex((const int8_t*)">>> generic_signature: p_certificate_issuer", p_certificate_issuer, p_lib_its_security_context->key_length); show_hex((const int8_t*)">>> generic_signature: p_private_key", p_private_key, p_lib_its_security_context->key_length); uint8_t* hashed_data; if (prepare_data_to_be_verify(p_lib_its_security_context, p_to_be_signed_secured_message, p_to_be_signed_secured_message_length, p_certificate_issuer, &hashed_data) == -1) { return -1; Loading @@ -919,6 +940,8 @@ int32_t generic_signature( } free(hashed_data); // Copy the signature show_hex((const int8_t*)"generic_signature: r_sig", r_sig, p_lib_its_security_context->key_length); show_hex((const int8_t*)"generic_signature: s_sig", s_sig, p_lib_its_security_context->key_length); *p_signature = (uint8_t*)malloc(2 * p_lib_its_security_context->key_length); // r_sig || s_sig memcpy((void*)*p_signature, (const void*)r_sig, p_lib_its_security_context->key_length); memcpy((void*)(*p_signature + p_lib_its_security_context->key_length), (const void*)s_sig, p_lib_its_security_context->key_length); Loading @@ -942,11 +965,14 @@ int32_t generic_verify( if (prepare_data_to_be_verify(p_lib_its_security_context, p_to_be_verified_data, p_to_be_verified_data_length, p_certificate_issuer, &hashed_data) == -1) { return -1; } show_hex((const int8_t*)"generic_verify: p_data", hashed_data, p_lib_its_security_context->key_length); uint8_t* sig_r = (uint8_t*)malloc(p_lib_its_security_context->key_length); memcpy((void*)sig_r, (const void*)p_signature, p_lib_its_security_context->key_length); show_hex((const int8_t*)"generic_verify: sig_r", sig_r, p_lib_its_security_context->key_length); uint8_t* sig_s = (uint8_t*)malloc(p_lib_its_security_context->key_length); memcpy((void*)sig_s, (const void*)(p_signature + p_lib_its_security_context->key_length), p_lib_its_security_context->key_length); show_hex((const int8_t*)"generic_verify: sig_s", sig_s, p_lib_its_security_context->key_length); if (sign_verify(p_lib_its_security_context, hashed_data, p_lib_its_security_context->key_length, sig_r, sig_s, p_lib_its_security_context->key_length) == -1) { free(sig_r); free(sig_s); Loading @@ -961,7 +987,7 @@ int32_t generic_verify( } int32_t sign_with_ecdsa_nistp256_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_private_key const uint8_t* p_to_be_signed_secured_message, const size_t p_to_be_signed_secured_message_length, const uint8_t* p_certificate_issuer, Loading @@ -973,6 +999,10 @@ int32_t sign_with_ecdsa_nistp256_with_sha256( return -1; } show_hex((const int8_t*)">>> sign_with_ecdsa_nistp256_with_sha256: p_data", p_to_be_signed_secured_message, p_to_be_signed_secured_message_length); show_hex((const int8_t*)">>> sign_with_ecdsa_nistp256_with_sha256: p_certificate_issuer", p_certificate_issuer, p_lib_its_security_context->key_length); show_hex((const int8_t*)">>> sign_with_ecdsa_nistp256_with_sha256: p_private_key", p_private_key, p_lib_its_security_context->key_length); lib_its_security_context_t* lib_its_security_context; if (initialize_with_private_key(nist_p_256, p_private_key, &lib_its_security_context) == -1){ return -1; Loading @@ -985,7 +1015,7 @@ int32_t sign_with_ecdsa_nistp256_with_sha256( } int32_t sign_with_ecdsa_brainpoolp256r1_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_private_key const uint8_t* p_to_be_signed_secured_message, const size_t p_to_be_signed_secured_message_length, const uint8_t* p_certificate_issuer, Loading @@ -1009,7 +1039,7 @@ int32_t sign_with_ecdsa_brainpoolp256r1_with_sha256( } int32_t sign_with_ecdsa_brainpoolp384r1_with_sha384( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_private_key const uint8_t* p_to_be_signed_secured_message, const size_t p_to_be_signed_secured_message_length, const uint8_t* p_certificate_issuer, Loading @@ -1033,7 +1063,7 @@ int32_t sign_with_ecdsa_brainpoolp384r1_with_sha384( } int32_t verify_with_ecdsa_nistp256_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsa_nistp256_publicKey_compressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_certificate_issuer, Loading @@ -1041,6 +1071,9 @@ int32_t verify_with_ecdsa_nistp256_with_sha256( const uint8_t* p_ecdsa_nistp256_publicKey_compressed, const ecc_compressed_mode_t p_compressed_mode ) { show_hex((const int8_t*)">>> verify_with_ecdsa_nistp256_with_sha256: p_to_be_verified_data=", p_to_be_verified_data, p_to_be_verified_data_length); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_to_be_verified_data == NULL) || (p_signature == NULL) || (p_ecdsa_nistp256_publicKey_compressed == NULL)) { return -1; Loading @@ -1058,7 +1091,7 @@ int32_t verify_with_ecdsa_nistp256_with_sha256( } int32_t verify_with_ecdsa_nistp256_with_sha256_raw( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsa_nistp256_publicKey_compressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_signature, Loading @@ -1067,7 +1100,7 @@ int32_t verify_with_ecdsa_nistp256_with_sha256_raw( ) { return -1; } int32_t verify_with_ecdsa_brainpoolp256r1_with_sha256( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsaBrainpoolp256PublicKeyCompressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_certificate_issuer, Loading @@ -1075,6 +1108,11 @@ int32_t verify_with_ecdsa_brainpoolp256r1_with_sha256( const uint8_t* p_ecdsaBrainpoolp256PublicKeyCompressed, const ecc_compressed_mode_t p_compressed_mode ) { show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_to_be_verified_data=", p_to_be_verified_data, p_to_be_verified_data_length); show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_certificate_issuer=", p_certificate_issuer, 32); show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_signature=", p_signature, 64); show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp256r1_with_sha256: p_ecdsaBrainpoolp256PublicKeyCompressed=", p_ecdsaBrainpoolp256PublicKeyCompressed, 32); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_to_be_verified_data == NULL) || (p_signature == NULL) || (p_ecdsaBrainpoolp256PublicKeyCompressed == NULL)) { return -1; Loading @@ -1092,7 +1130,7 @@ int32_t verify_with_ecdsa_brainpoolp256r1_with_sha256( } int32_t verify_with_ecdsa_brainpoolp384r1_with_sha384( lib_its_security_context_t* p_lib_its_security_context, lib_its_security_context_t* p_lib_its_security_context, // FIXME To be removed or remove p_ecdsaBrainpoolp384PublicKeyCompressed const uint8_t* p_to_be_verified_data, const size_t p_to_be_verified_data_length, const uint8_t* p_certificate_issuer, Loading @@ -1100,6 +1138,8 @@ int32_t verify_with_ecdsa_brainpoolp384r1_with_sha384( const uint8_t* p_ecdsaBrainpoolp384PublicKeyCompressed, const ecc_compressed_mode_t p_compressed_mode ) { show_hex((const int8_t*)">>> verify_with_ecdsa_brainpoolp384r1_with_sha384: p_to_be_verified_data=", p_to_be_verified_data, p_to_be_verified_data_length); // Sanity checks if ((p_lib_its_security_context == NULL) || (p_to_be_verified_data == NULL) || (p_signature == NULL) || (p_ecdsaBrainpoolp384PublicKeyCompressed == NULL)) { return -1; Loading Loading @@ -1133,6 +1173,9 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( uint8_t** p_encrypted_secured_message, size_t* p_encrypted_secured_message_length ) { show_hex((const int8_t*)">>> encrypt_with_ecies_nistp256_with_sha256: p_to_be_encrypted_secured_message=", p_to_be_encrypted_secured_message, p_to_be_encrypted_secured_message_length); show_hex((const int8_t*)">>> encrypt_with_ecies_nistp256_with_sha256: p_recipients_public_key_compressed=", p_recipients_public_key_compressed, 32); show_hex((const int8_t*)">>> encrypt_with_ecies_nistp256_with_sha256: p_salt=", p_salt, p_salt_length); /* Sanity checks */ lib_its_security_context_t* lib_its_security_context = NULL; Loading @@ -1147,6 +1190,7 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( if (result == -1) { goto end; } show_hex((const int8_t*)"encrypt_with_ecies_nistp256_with_sha256: Ephemeral key compressed=", lib_its_security_context->public_key_c, lib_its_security_context->key_length); /* 2. Generate and derive shared secret based on recipient's public keys */ result = initialize_with_public_key(nist_p_256, p_recipients_public_key_compressed, p_compressed_mode, &lib_its_security_context_comp); Loading Loading @@ -1192,6 +1236,8 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( *p_encrypted_secured_message = (uint8_t*)realloc((void*)*p_encrypted_secured_message, *p_encrypted_secured_message_length + lib_its_security_context->tag_length); memcpy((void*)(*p_encrypted_secured_message + *p_encrypted_secured_message_length), (const void*)lib_its_security_context->tag, lib_its_security_context->tag_length); *p_encrypted_secured_message_length += lib_its_security_context->tag_length; fprintf(stderr, "p_encrypted_secured_message_length = %ld\n", *p_encrypted_secured_message_length); show_hex((const int8_t*)"p_encrypted_secured_message", *p_encrypted_secured_message, *p_encrypted_secured_message_length); result = 0; end: Loading Loading @@ -1483,6 +1529,11 @@ int32_t decrypt( uint8_t** p_plain_text_message, size_t* p_plain_text_message_length ) { show_hex((const int8_t*)">>> decrypt: p_cipher_message", p_cipher_message, p_cipher_message_length); show_hex((const int8_t*)">>> decrypt: sym_key", p_lib_its_security_context->sym_key, p_lib_its_security_context->sym_key_length); show_hex((const int8_t*)">>> decrypt: nonce", p_lib_its_security_context->nonce, p_lib_its_security_context->nonce_length); show_hex((const int8_t*)">>> decrypt: tag", p_lib_its_security_context->tag, p_lib_its_security_context->tag_length); /* Sanity checks */ if ((p_lib_its_security_context == NULL) || (p_lib_its_security_context->sym_key == NULL) || (p_lib_its_security_context->nonce == NULL) || (p_cipher_message == NULL) || (p_plain_text_message == NULL)) { return -1; Loading Loading @@ -1516,11 +1567,14 @@ int32_t decrypt( int len = 0; int result = EVP_DecryptUpdate(ctx, *p_plain_text_message, &len, p_cipher_message, p_cipher_message_length); EVP_CIPHER_CTX_free(ctx); show_hex((const int8_t*)"decrypt: *p_plain_text_message", *p_plain_text_message, *p_plain_text_message_length); fprintf(stderr, "decrypt: result=%d\n", result); if (result != 1) { free(*p_plain_text_message); *p_plain_text_message = NULL; } fprintf(stderr, "<<< decrypt: result=%d\n", (result > 0) ? 0 : -1); return (result > 0) ? 0 : -1; } Loading
