Commit 518d6724 authored by garciay's avatar garciay
Browse files

Add changes due to version OpenSSL 1.1.0g introduced by Ubuntu 18.04 TLS

parent 8cac6a3f

ccsrc/Protocols/Security/hmac.hh

+9 −8
Original line number Diff line number Diff line
@@ -13,7 +13,7 @@ 
#include <vector>



#include <openssl/hmac.h>

#include <openssl/objects.h>

//#include <openssl/objects.h>



/*!

 * \enum Supported hash algorithms
@@ -29,7 +29,7 @@ enum class hash_algorithms: unsigned char { 
 * \brief  This class provides description of HMAC helper methods

 */

class hmac {

  HMAC_CTX _ctx; //! HMAC context

  HMAC_CTX *_ctx; //! HMAC context

  hash_algorithms _hash_algorithms;

public:

  /*!
@@ -37,11 +37,11 @@ public: 
   *        Create a new instance of the hmac class

   * \param[in] p_hash_algorithms The hash algorithm to be used to compute the HMAC

   */

  hmac(const hash_algorithms p_hash_algorithms): _ctx{}, _hash_algorithms(p_hash_algorithms) { ::HMAC_CTX_init(&_ctx); };

  hmac(const hash_algorithms p_hash_algorithms): _ctx{nullptr}, _hash_algorithms(p_hash_algorithms) { _ctx = ::HMAC_CTX_new(); };

  /*!

   * \brief Default destructor

   */

  virtual ~hmac() { ::HMAC_CTX_cleanup(&_ctx); };

  virtual ~hmac() { if (_ctx == nullptr) { ::HMAC_CTX_free(_ctx); }; };



  /*!

   * \inline
@@ -77,19 +77,20 @@ public: 
    if ((p_buffer == nullptr) || (p_secret_key == nullptr)) {

      return -1;

    }

    ::HMAC_CTX_reset(_ctx);



    p_hmac.resize(EVP_MAX_MD_SIZE);

    if (_hash_algorithms == hash_algorithms::sha_256) {

      ::HMAC_Init_ex(&_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha256(), NULL);

      ::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha256(), NULL);

    } else if (_hash_algorithms == hash_algorithms::sha_384) {

      ::HMAC_Init_ex(&_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha384(), NULL);

      ::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha384(), NULL);

    } else { // TODO To be continued

      return -1;

    }

    // Compute the hash value

    ::HMAC_Update(&_ctx, p_buffer, p_buffer_length);

    ::HMAC_Update(_ctx, p_buffer, p_buffer_length);

    unsigned int length = p_hmac.size();

    ::HMAC_Final(&_ctx, static_cast<unsigned char*>(p_hmac.data()), &length);

    ::HMAC_Final(_ctx, static_cast<unsigned char*>(p_hmac.data()), &length);

    // Resize the hmac

    if (_hash_algorithms == hash_algorithms::sha_256) {

      p_hmac.resize(16);

ccsrc/Protocols/Security/security_ecc.cc

+62 −56
Original line number Diff line number Diff line
@@ -36,34 +36,37 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std: 
  ::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_UNCOMPRESSED);

  

  // Build private key

  BIGNUM p;

  ::BN_init(&p);

  ::BN_bin2bn(_pri_key.data(), _pri_key.size(), &p);

  BIGNUM* p = ::BN_new();

  ::BN_bin2bn(_pri_key.data(), _pri_key.size(), p);

  // Build public keys

  EC_POINT* ec_point = ::EC_POINT_new(_ec_group);

  ::EC_POINT_mul(_ec_group, ec_point, &p, NULL, NULL, _bn_ctx);

  ::EC_POINT_mul(_ec_group, ec_point, p, NULL, NULL, _bn_ctx);

  // Set private key

  ::EC_KEY_set_private_key(_ec_key, &p);

  ::EC_KEY_set_private_key(_ec_key, p);

  if (::EC_KEY_check_key(_ec_key) != 0) {

    loggers::get_instance().error("security_ecc::security_ecc (1): Invalid private key");

  }

  ::BN_clear_free(p);

  p = nullptr;

  // Private key is correct, set public keys

  ::EC_KEY_set_public_key(_ec_key, ec_point);



  BIGNUM xy;

  ::BN_init(&xy);

  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, &xy, _bn_ctx);

  if (BN_num_bytes(&xy) == 0) {

  BIGNUM* xy = ::BN_new();

  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, xy, _bn_ctx);

  if (BN_num_bytes(xy) == 0) {

    loggers::get_instance().error("security_ecc::security_ecc (1): Failed to generate xy coordinates, check algorithms");

  }

  loggers::get_instance().log("security_ecc::security_ecc (1): xy length: %d", BN_num_bytes(&xy));

  std::vector<unsigned char> v(BN_num_bytes(&xy));

  ::BN_bn2bin(&xy, v.data());

  if ((v.size() % 2) != 0) { // TODO Check alse xy[0] == 0x04

  loggers::get_instance().log("security_ecc::security_ecc (1): xy length: %d", BN_num_bytes(xy));

  std::vector<unsigned char> v(BN_num_bytes(xy));

  ::BN_bn2bin(xy, v.data());

  if ((v.size() % 2) != 0) {

    // Remove first byte

    loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): Complete xy=", v.data(), v.size());

    v.erase(v.begin());

  }

  ::BN_clear_free(xy);

  xy = nullptr;



  loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): xy=", v.data(), v.size());

  const int l = v.size() / 2;

  _pub_key_x.resize(l);
@@ -113,12 +116,10 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std: 
  ::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_UNCOMPRESSED);

  

  // Set public key

  BIGNUM x;

  ::BN_init(&x);

  ::BN_bin2bn(_pub_key_x.data(), _pub_key_x.size(), &x);

  BIGNUM y;

  ::BN_init(&y);

  ::BN_bin2bn(_pub_key_y.data(), _pub_key_y.size(), &y);

  BIGNUM* x = ::BN_new();

  ::BN_bin2bn(_pub_key_x.data(), _pub_key_x.size(), x);

  BIGNUM* y = ::BN_new();

  ::BN_bin2bn(_pub_key_y.data(), _pub_key_y.size(), y);

  EC_POINT* ec_point = ::EC_POINT_new(_ec_group);

  result = 0;

  switch (_elliptic_curve) {
@@ -127,14 +128,17 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std: 
  case ec_elliptic_curves::brainpool_p_256_r1:

    // No break;

  case ec_elliptic_curves::brainpool_p_384_r1:

    result = ::EC_POINT_set_affine_coordinates_GFp(_ec_group, ec_point, &x, &y, _bn_ctx); // Use primary elliptic curve

    result = ::EC_POINT_set_affine_coordinates_GFp(_ec_group, ec_point, x, y, _bn_ctx); // Use primary elliptic curve

    break;

  default: // Use Binary

    result = ::EC_POINT_set_affine_coordinates_GF2m(_ec_group, ec_point, &x, &y, _bn_ctx);

    result = ::EC_POINT_set_affine_coordinates_GF2m(_ec_group, ec_point, x, y, _bn_ctx);

  } // End of 'switch' statement

  if (result == 0) {

    loggers::get_instance().error("security_ecc::security_ecc (2): Failed to get coordinates");

  }

  ::BN_clear_free(x); x = nullptr;

  ::BN_clear_free(y); y = nullptr;



  ::EC_KEY_set_public_key(_ec_key, ec_point);

  

  // Compressed
@@ -178,9 +182,8 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std: 
  ::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_UNCOMPRESSED);

  

  // Set public key

  BIGNUM compressed_key;

  ::BN_init(&compressed_key);

  ::BN_bin2bn(_pub_key_compressed.data(), _pub_key_compressed.size(), &compressed_key);

  BIGNUM* compressed_key = ::BN_new();

  ::BN_bin2bn(_pub_key_compressed.data(), _pub_key_compressed.size(), compressed_key);

  EC_POINT* ec_point = ::EC_POINT_new(_ec_group);

  result = 0;

  switch (_elliptic_curve) {
@@ -189,11 +192,14 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std: 
  case ec_elliptic_curves::brainpool_p_256_r1:

    // No break;

  case ec_elliptic_curves::brainpool_p_384_r1:

    result = ::EC_POINT_set_compressed_coordinates_GFp(_ec_group, ec_point, &compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx); // Use primary elliptic curve

    result = ::EC_POINT_set_compressed_coordinates_GFp(_ec_group, ec_point, compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx); // Use primary elliptic curve

    break;

  default: // Use Binary

    result = ::EC_POINT_set_compressed_coordinates_GF2m(_ec_group, ec_point, &compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx);

    result = ::EC_POINT_set_compressed_coordinates_GF2m(_ec_group, ec_point, compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx);

  } // End of 'switch' statement

  BN_clear_free(compressed_key);

  compressed_key = nullptr;



  if (result == 0) {

    loggers::get_instance().error("security_ecc::security_ecc (3): Failed to get coordinates");

  } else if (::EC_POINT_is_on_curve(_ec_group, ec_point, _bn_ctx) == 0) {
@@ -201,17 +207,18 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std: 
  }



  // Set public keys

  BIGNUM xy;

  ::BN_init(&xy);

  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, &xy, _bn_ctx);

  if (BN_num_bytes(&xy) == 0) {

  BIGNUM* xy = ::BN_new();

  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, xy, _bn_ctx);

  if (BN_num_bytes(xy) == 0) {

    loggers::get_instance().error("security_ecc::security_ecc (3): Failed to generate xy coordinates, check algorithms");

  }

  loggers::get_instance().log("security_ecc::security_ecc (3): xy length: %d", BN_num_bytes(&xy));

  loggers::get_instance().log("security_ecc::security_ecc (3): xy length: %d", BN_num_bytes(xy));

  ::EC_KEY_set_public_key(_ec_key, ec_point);

  // Generate X, Y coordinates

  std::vector<unsigned char> v(BN_num_bytes(&xy));

  ::BN_bn2bin(&xy, v.data());

  std::vector<unsigned char> v(BN_num_bytes(xy));

  ::BN_bn2bin(xy, v.data());

  ::BN_clear_free(xy);

  xy = nullptr;

  if ((v.size() % 2) != 0) { // TODO Check alse xy[0] == 0x04

    // Remove first byte

    loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): Complete xy=", v.data(), v.size());
@@ -253,9 +260,8 @@ int security_ecc::generate() { 
    return -1;

  }



  BIGNUM x, y;

  ::BN_init(&x);

  ::BN_init(&y);

  BIGNUM* x = ::BN_new();

  BIGNUM* y = ::BN_new();

  const EC_POINT* ec_point = EC_KEY_get0_public_key(_ec_key);

  int result = 0;

  int size = 0;
@@ -264,27 +270,28 @@ int security_ecc::generate() { 
    // No break;

  case ec_elliptic_curves::brainpool_p_256_r1:

    size = 32;

    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, &x, &y, _bn_ctx); // Use primer on elliptic curve

    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, x, y, _bn_ctx); // Use primer on elliptic curve

    break;

  case ec_elliptic_curves::brainpool_p_384_r1:

    size = 48;

    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, &x, &y, _bn_ctx); // Use primer on elliptic curve

    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, x, y, _bn_ctx); // Use primer on elliptic curve

    break;

  default: // Use binary

    result = ::EC_POINT_get_affine_coordinates_GF2m(_ec_group, ec_point, &x, &y, _bn_ctx);

    result = ::EC_POINT_get_affine_coordinates_GF2m(_ec_group, ec_point, x, y, _bn_ctx);

  } // End of 'switch' statement

  if (result == 0) {

    loggers::get_instance().error("security_ecc::generate: Failed to get coordinates");

    return -1;

  }

  const BIGNUM* p = ::EC_KEY_get0_private_key(_ec_key);

  

  _pri_key.resize(size);

  ::BN_bn2bin(p, _pri_key.data());

  _pub_key_x.resize(size);

  ::BN_bn2bin(&x, _pub_key_x.data());

  ::BN_bn2bin(x, _pub_key_x.data());

  _pub_key_y.resize(size);

  ::BN_bn2bin(&y, _pub_key_y.data());

  ::BN_bn2bin(y, _pub_key_y.data());

  ::BN_clear_free(x); x = nullptr;

  ::BN_clear_free(y); y = nullptr;



  // Compressed

  int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, NULL, 0, _bn_ctx);
@@ -540,10 +547,10 @@ int security_ecc::encrypt(const encryption_algotithm p_enc_algorithm, const std: 
    break;

  } // End of 'switch' statement

  // Generate _sym_key

  ::RAND_pseudo_bytes(_sym_key.data(), _sym_key.size());

  ::RAND_bytes(_sym_key.data(), _sym_key.size());

  loggers::get_instance().log_to_hexa("security_ecc::encrypt: _sym_key: ", _sym_key.data(), _sym_key.size());

  // Generate _nonce

  ::RAND_pseudo_bytes(_nonce.data(), _nonce.size());

  ::RAND_bytes(_nonce.data(), _nonce.size());

  loggers::get_instance().log_to_hexa("security_ecc::encrypt: nonce: ", _nonce.data(), _nonce.size());

  // Set nonce length

  ::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);
@@ -723,11 +730,14 @@ int security_ecc::sign(const std::vector<unsigned char>& p_data, std::vector<uns 
    return -1;

  }



  p_r_sig.resize(BN_num_bytes(signature->r));

  ::BN_bn2bin(signature->r, p_r_sig.data());

  const BIGNUM* r = nullptr;

  const BIGNUM* s = nullptr;

  ::ECDSA_SIG_get0(signature, &r, &s);

  p_r_sig.resize(BN_num_bytes(r));

  ::BN_bn2bin(r, p_r_sig.data());

  loggers::get_instance().log_to_hexa("security_ecc::sign: r=", p_r_sig.data(), p_r_sig.size());

  p_s_sig.resize(BN_num_bytes(signature->r));

  ::BN_bn2bin(signature->s, p_s_sig.data());

  p_s_sig.resize(BN_num_bytes(s));

  ::BN_bn2bin(s, p_s_sig.data());

  loggers::get_instance().log_to_hexa("security_ecc::sign: s=", p_s_sig.data(), p_s_sig.size());



  ::ECDSA_SIG_free(signature);
@@ -745,16 +755,12 @@ int security_ecc::sign_verif(const std::vector<unsigned char>& p_data, const std 
  }



  // Build the signature

  BIGNUM r, s;

  ::BN_init(&r);

  ::BN_init(&s);

  ::BN_bin2bn(p_signature.data(), p_signature.size() / 2, &r);

  BIGNUM* r = ::BN_bin2bn(p_signature.data(), p_signature.size() / 2, nullptr);

  loggers::get_instance().log_to_hexa("security_ecc::sign_verify: r=", p_signature.data(), p_signature.size() / 2);

  ::BN_bin2bn(p_signature.data() + p_signature.size() / 2, p_signature.size() / 2, &s);

  BIGNUM* s = ::BN_bin2bn(p_signature.data() + p_signature.size() / 2, p_signature.size() / 2, nullptr);

  loggers::get_instance().log_to_hexa("security_ecc::sign_verify: s=", p_signature.data() + p_signature.size() / 2, p_signature.size() / 2);

  ECDSA_SIG *signature = ECDSA_SIG_new();

  signature->r = &r;

  signature->s = &s;

  ::ECDSA_SIG_set0(signature, r, s);

  // Check the signature

  int result = ::ECDSA_do_verify(p_data.data(), p_data.size(), signature, _ec_key);

  ::ECDSA_SIG_free(signature);

scripts/merge_its_project.bash

+3 −3
Original line number Diff line number Diff line
@@ -15,7 +15,7 @@ if [ ! -d ${DEST_DIR} ] 
then

	  exit -1

else

	  DEST_DIR=$DEST_DIR/to_be_merged

	  DEST_DIR=${DEST_DIR}/to_be_merged

	  if [ -d ${DEST_DIR} ]

	  then

	      rm -f ${DEST_DIR}/*
@@ -23,7 +23,7 @@ else 
	          mkdir ${DEST_DIR}

	  fi

fi



chmod 775 ${DEST_DIR}

# Execution path

RUN_PATH="${0%/*}"

SRC_ITS_PATH=~/dev/STF525_Its
@@ -254,6 +254,6 @@ do 
    rm $i

done



chmod -R 664 ${DEST_DIR}

chmod -R 664 ${DEST_DIR}/*

exit 0

ttcn/TestCodec/TestCodec_Certificates.ttcn

+4 −12
Original line number Diff line number Diff line
@@ -757,9 +757,9 @@ module TestCodec_Certificates { 
  } // End of testcase tc_at_certificate_sha256_3

   

  testcase tc_certificate_asn1c_1() runs on TCType system TCType { // CERT_IUT_A_RCA

    const octetstring c_cert := '8003008100288300000000001874e3808466a8c001012080010780012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d00808082cb6d12f0886798e4c2fac41e92e5cdf6c81682e705e0c2905b5aeaceca5bddae8080424789359de2597ab0d78a17f08acdebb10d31d3f0a25b1362e0b56c1a5080135638e7e68c8bf24a0356e570df6465b980ed52317db89822d099c6e6ee72d39d'O; // CERT_IUT_A_RCA.vkey

    const octetstring c_cert := '8003008100288300000000001874e3808466a8c001012080010780012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d00808082255b2f2a8468cc17fefcc32475f5a6016b31dc00ed35ade391d3e0f97cc31851808043f48157fbcc16ef4f89886065b60663ce8dddd66ae4e1e3acaacc62450cc8f62908f369b3c282ab3b3485704402499cb506f8cabdf0edcf0ab69c653a48ff0b'O; // CERT_IUT_A_RCA.oer

    var EtsiTs103097Certificate v_cert_dec;

    var Oct32 v_private_key := 'a005b04678dd9c1fb4f4f99816badd4bda288721c05c5108c4352c24cb539b07'O;

    var Oct32 v_private_key := 'c234fe6ccbd0dfa6a15a521e52f4e38b595e373d9c61e8d4bf0675d45e8742ea'O; // CERT_IUT_A_RCA.vkey

    var bitstring v_enc_msg := oct2bit(c_cert);

    var integer v_compressedMode;

    var Oct32 v_publicKeyCompressed := int2oct(0, 32);
@@ -888,15 +888,6 @@ module TestCodec_Certificates { 
        setverdict(fail, "Decoding failed");

    }

    

    // Create signature and compare with cprovide one

    /*v_enc_msg := encvalue(v_cert_exp);

    v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), v_private_key);

    if (not(match(v_sig, v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig))) {

        setverdict(fail, "Signature generation mismatch");

      } else {

        setverdict(pass, "Signature generation match");

    }*/

    

    if (ischosen(v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {

      v_compressedMode := 0;

      v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0;
@@ -904,8 +895,9 @@ module TestCodec_Certificates { 
      v_compressedMode := 1;

      v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1;

    }

    v_enc_msg := encvalue(v_cert_dec.toBeSigned);

    if (f_verifyWithEcdsaNistp256WithSha256(

                                            c_cert, 

                                            bit2oct(v_enc_msg), 

                                            int2oct(0, 32),

                                            v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,

                                            v_publicKeyCompressed,