Add changes due to version OpenSSL 1.1.0g introduced by Ubuntu 18.04 TLS

ccsrc/Protocols/Security/hmac.hh

@@ -13,7 +13,7 @@
 #include <vector>
 
 #include <openssl/hmac.h>
-#include <openssl/objects.h>
+//#include <openssl/objects.h>
 
 /*!
  * \enum Supported hash algorithms
@@ -29,7 +29,7 @@ enum class hash_algorithms: unsigned char {
  * \brief  This class provides description of HMAC helper methods
  */
 class hmac {
-  HMAC_CTX _ctx; //! HMAC context
+  HMAC_CTX *_ctx; //! HMAC context
   hash_algorithms _hash_algorithms;
 public:
   /*!
@@ -37,11 +37,11 @@ public:
    *        Create a new instance of the hmac class
    * \param[in] p_hash_algorithms The hash algorithm to be used to compute the HMAC
    */
-  hmac(const hash_algorithms p_hash_algorithms): _ctx{}, _hash_algorithms(p_hash_algorithms) { ::HMAC_CTX_init(&_ctx); };
+  hmac(const hash_algorithms p_hash_algorithms): _ctx{nullptr}, _hash_algorithms(p_hash_algorithms) { _ctx = ::HMAC_CTX_new(); };
   /*!
    * \brief Default destructor
    */
-  virtual ~hmac() { ::HMAC_CTX_cleanup(&_ctx); };
+  virtual ~hmac() { if (_ctx == nullptr) { ::HMAC_CTX_free(_ctx); }; };
 
   /*!
    * \inline
@@ -77,19 +77,20 @@ public:
     if ((p_buffer == nullptr) || (p_secret_key == nullptr)) {
       return -1;
     }
+    ::HMAC_CTX_reset(_ctx);
 
     p_hmac.resize(EVP_MAX_MD_SIZE);
     if (_hash_algorithms == hash_algorithms::sha_256) {
-      ::HMAC_Init_ex(&_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha256(), NULL);
+      ::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha256(), NULL);
     } else if (_hash_algorithms == hash_algorithms::sha_384) {
-      ::HMAC_Init_ex(&_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha384(), NULL);
+      ::HMAC_Init_ex(_ctx, (const void*)p_secret_key, (long unsigned int)p_secret_key_length, EVP_sha384(), NULL);
     } else { // TODO To be continued
       return -1;
     }
     // Compute the hash value
-    ::HMAC_Update(&_ctx, p_buffer, p_buffer_length);
+    ::HMAC_Update(_ctx, p_buffer, p_buffer_length);
     unsigned int length = p_hmac.size();
-    ::HMAC_Final(&_ctx, static_cast<unsigned char*>(p_hmac.data()), &length);
+    ::HMAC_Final(_ctx, static_cast<unsigned char*>(p_hmac.data()), &length);
     // Resize the hmac
     if (_hash_algorithms == hash_algorithms::sha_256) {
       p_hmac.resize(16);

ccsrc/Protocols/Security/security_ecc.cc

@@ -36,34 +36,37 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std:
   ::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_UNCOMPRESSED);
   
   // Build private key
-  BIGNUM p;
-  ::BN_init(&p);
-  ::BN_bin2bn(_pri_key.data(), _pri_key.size(), &p);
+  BIGNUM* p = ::BN_new();
+  ::BN_bin2bn(_pri_key.data(), _pri_key.size(), p);
   // Build public keys
   EC_POINT* ec_point = ::EC_POINT_new(_ec_group);
-  ::EC_POINT_mul(_ec_group, ec_point, &p, NULL, NULL, _bn_ctx);
+  ::EC_POINT_mul(_ec_group, ec_point, p, NULL, NULL, _bn_ctx);
   // Set private key
-  ::EC_KEY_set_private_key(_ec_key, &p);
+  ::EC_KEY_set_private_key(_ec_key, p);
   if (::EC_KEY_check_key(_ec_key) != 0) {
     loggers::get_instance().error("security_ecc::security_ecc (1): Invalid private key");
   }
+  ::BN_clear_free(p);
+  p = nullptr;
   // Private key is correct, set public keys
   ::EC_KEY_set_public_key(_ec_key, ec_point);
 
-  BIGNUM xy;
-  ::BN_init(&xy);
-  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, &xy, _bn_ctx);
-  if (BN_num_bytes(&xy) == 0) {
+  BIGNUM* xy = ::BN_new();
+  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, xy, _bn_ctx);
+  if (BN_num_bytes(xy) == 0) {
     loggers::get_instance().error("security_ecc::security_ecc (1): Failed to generate xy coordinates, check algorithms");
   }
-  loggers::get_instance().log("security_ecc::security_ecc (1): xy length: %d", BN_num_bytes(&xy));
-  std::vector<unsigned char> v(BN_num_bytes(&xy));
-  ::BN_bn2bin(&xy, v.data());
-  if ((v.size() % 2) != 0) { // TODO Check alse xy[0] == 0x04
+  loggers::get_instance().log("security_ecc::security_ecc (1): xy length: %d", BN_num_bytes(xy));
+  std::vector<unsigned char> v(BN_num_bytes(xy));
+  ::BN_bn2bin(xy, v.data());
+  if ((v.size() % 2) != 0) {
     // Remove first byte
     loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): Complete xy=", v.data(), v.size());
     v.erase(v.begin());
   }
+  ::BN_clear_free(xy);
+  xy = nullptr;
+
   loggers::get_instance().log_to_hexa("security_ecc::security_ecc (1): xy=", v.data(), v.size());
   const int l = v.size() / 2;
   _pub_key_x.resize(l);
@@ -113,12 +116,10 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std:
   ::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_UNCOMPRESSED);
   
   // Set public key
-  BIGNUM x;
-  ::BN_init(&x);
-  ::BN_bin2bn(_pub_key_x.data(), _pub_key_x.size(), &x);
-  BIGNUM y;
-  ::BN_init(&y);
-  ::BN_bin2bn(_pub_key_y.data(), _pub_key_y.size(), &y);
+  BIGNUM* x = ::BN_new();
+  ::BN_bin2bn(_pub_key_x.data(), _pub_key_x.size(), x);
+  BIGNUM* y = ::BN_new();
+  ::BN_bin2bn(_pub_key_y.data(), _pub_key_y.size(), y);
   EC_POINT* ec_point = ::EC_POINT_new(_ec_group);
   result = 0;
   switch (_elliptic_curve) {
@@ -127,14 +128,17 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std:
   case ec_elliptic_curves::brainpool_p_256_r1:
     // No break;
   case ec_elliptic_curves::brainpool_p_384_r1:
-    result = ::EC_POINT_set_affine_coordinates_GFp(_ec_group, ec_point, &x, &y, _bn_ctx); // Use primary elliptic curve
+    result = ::EC_POINT_set_affine_coordinates_GFp(_ec_group, ec_point, x, y, _bn_ctx); // Use primary elliptic curve
     break;
   default: // Use Binary
-    result = ::EC_POINT_set_affine_coordinates_GF2m(_ec_group, ec_point, &x, &y, _bn_ctx);
+    result = ::EC_POINT_set_affine_coordinates_GF2m(_ec_group, ec_point, x, y, _bn_ctx);
   } // End of 'switch' statement
   if (result == 0) {
     loggers::get_instance().error("security_ecc::security_ecc (2): Failed to get coordinates");
   }
+  ::BN_clear_free(x); x = nullptr;
+  ::BN_clear_free(y); y = nullptr;
+
   ::EC_KEY_set_public_key(_ec_key, ec_point);
   
   // Compressed
@@ -178,9 +182,8 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std:
   ::EC_KEY_set_conv_form(_ec_key, POINT_CONVERSION_UNCOMPRESSED);
   
   // Set public key
-  BIGNUM compressed_key;
-  ::BN_init(&compressed_key);
-  ::BN_bin2bn(_pub_key_compressed.data(), _pub_key_compressed.size(), &compressed_key);
+  BIGNUM* compressed_key = ::BN_new();
+  ::BN_bin2bn(_pub_key_compressed.data(), _pub_key_compressed.size(), compressed_key);
   EC_POINT* ec_point = ::EC_POINT_new(_ec_group);
   result = 0;
   switch (_elliptic_curve) {
@@ -189,11 +192,14 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std:
   case ec_elliptic_curves::brainpool_p_256_r1:
     // No break;
   case ec_elliptic_curves::brainpool_p_384_r1:
-    result = ::EC_POINT_set_compressed_coordinates_GFp(_ec_group, ec_point, &compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx); // Use primary elliptic curve
+    result = ::EC_POINT_set_compressed_coordinates_GFp(_ec_group, ec_point, compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx); // Use primary elliptic curve
     break;
   default: // Use Binary
-    result = ::EC_POINT_set_compressed_coordinates_GF2m(_ec_group, ec_point, &compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx);
+    result = ::EC_POINT_set_compressed_coordinates_GF2m(_ec_group, ec_point, compressed_key, (p_compressed_mode == ecc_compressed_mode::compressed_y_1) ? 1 : 0, _bn_ctx);
   } // End of 'switch' statement
+  BN_clear_free(compressed_key);
+  compressed_key = nullptr;
+
   if (result == 0) {
     loggers::get_instance().error("security_ecc::security_ecc (3): Failed to get coordinates");
   } else if (::EC_POINT_is_on_curve(_ec_group, ec_point, _bn_ctx) == 0) {
@@ -201,17 +207,18 @@ security_ecc::security_ecc(const ec_elliptic_curves p_elliptic_curve, const std:
   }
 
   // Set public keys
-  BIGNUM xy;
-  ::BN_init(&xy);
-  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, &xy, _bn_ctx);
-  if (BN_num_bytes(&xy) == 0) {
+  BIGNUM* xy = ::BN_new();
+  ::EC_POINT_point2bn(_ec_group, ec_point, POINT_CONVERSION_UNCOMPRESSED, xy, _bn_ctx);
+  if (BN_num_bytes(xy) == 0) {
     loggers::get_instance().error("security_ecc::security_ecc (3): Failed to generate xy coordinates, check algorithms");
   }
-  loggers::get_instance().log("security_ecc::security_ecc (3): xy length: %d", BN_num_bytes(&xy));
+  loggers::get_instance().log("security_ecc::security_ecc (3): xy length: %d", BN_num_bytes(xy));
   ::EC_KEY_set_public_key(_ec_key, ec_point);
   // Generate X, Y coordinates
-  std::vector<unsigned char> v(BN_num_bytes(&xy));
-  ::BN_bn2bin(&xy, v.data());
+  std::vector<unsigned char> v(BN_num_bytes(xy));
+  ::BN_bn2bin(xy, v.data());
+  ::BN_clear_free(xy);
+  xy = nullptr;
   if ((v.size() % 2) != 0) { // TODO Check alse xy[0] == 0x04
     // Remove first byte
     loggers::get_instance().log_to_hexa("security_ecc::security_ecc (3): Complete xy=", v.data(), v.size());
@@ -253,9 +260,8 @@ int security_ecc::generate() {
     return -1;
   }
 
-  BIGNUM x, y;
-  ::BN_init(&x);
-  ::BN_init(&y);
+  BIGNUM* x = ::BN_new();
+  BIGNUM* y = ::BN_new();
   const EC_POINT* ec_point = EC_KEY_get0_public_key(_ec_key);
   int result = 0;
   int size = 0;
@@ -264,27 +270,28 @@ int security_ecc::generate() {
     // No break;
   case ec_elliptic_curves::brainpool_p_256_r1:
     size = 32;
-    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, &x, &y, _bn_ctx); // Use primer on elliptic curve
+    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, x, y, _bn_ctx); // Use primer on elliptic curve
     break;
   case ec_elliptic_curves::brainpool_p_384_r1:
     size = 48;
-    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, &x, &y, _bn_ctx); // Use primer on elliptic curve
+    result = ::EC_POINT_get_affine_coordinates_GFp(_ec_group, ec_point, x, y, _bn_ctx); // Use primer on elliptic curve
     break;
   default: // Use binary
-    result = ::EC_POINT_get_affine_coordinates_GF2m(_ec_group, ec_point, &x, &y, _bn_ctx);
+    result = ::EC_POINT_get_affine_coordinates_GF2m(_ec_group, ec_point, x, y, _bn_ctx);
   } // End of 'switch' statement
   if (result == 0) {
     loggers::get_instance().error("security_ecc::generate: Failed to get coordinates");
-    return -1;
   }
   const BIGNUM* p = ::EC_KEY_get0_private_key(_ec_key);
   
   _pri_key.resize(size);
   ::BN_bn2bin(p, _pri_key.data());
   _pub_key_x.resize(size);
-  ::BN_bn2bin(&x, _pub_key_x.data());
+  ::BN_bn2bin(x, _pub_key_x.data());
   _pub_key_y.resize(size);
-  ::BN_bn2bin(&y, _pub_key_y.data());
+  ::BN_bn2bin(y, _pub_key_y.data());
+  ::BN_clear_free(x); x = nullptr;
+  ::BN_clear_free(y); y = nullptr;
 
   // Compressed
   int len = ::EC_POINT_point2oct(_ec_group, ec_point, POINT_CONVERSION_COMPRESSED, NULL, 0, _bn_ctx);
@@ -540,10 +547,10 @@ int security_ecc::encrypt(const encryption_algotithm p_enc_algorithm, const std:
     break;
   } // End of 'switch' statement
   // Generate _sym_key
-  ::RAND_pseudo_bytes(_sym_key.data(), _sym_key.size());
+  ::RAND_bytes(_sym_key.data(), _sym_key.size());
   loggers::get_instance().log_to_hexa("security_ecc::encrypt: _sym_key: ", _sym_key.data(), _sym_key.size());
   // Generate _nonce
-  ::RAND_pseudo_bytes(_nonce.data(), _nonce.size());
+  ::RAND_bytes(_nonce.data(), _nonce.size());
   loggers::get_instance().log_to_hexa("security_ecc::encrypt: nonce: ", _nonce.data(), _nonce.size());
   // Set nonce length
   ::EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, _nonce.size(), NULL);
@@ -722,12 +729,15 @@ int security_ecc::sign(const std::vector<unsigned char>& p_data, std::vector<uns
     loggers::get_instance().warning("security_ecc::sign: Signature not verified");
     return -1;
   }
-  
-  p_r_sig.resize(BN_num_bytes(signature->r));
-  ::BN_bn2bin(signature->r, p_r_sig.data());
+
+  const BIGNUM* r = nullptr;
+  const BIGNUM* s = nullptr;
+  ::ECDSA_SIG_get0(signature, &r, &s);
+  p_r_sig.resize(BN_num_bytes(r));
+  ::BN_bn2bin(r, p_r_sig.data());
   loggers::get_instance().log_to_hexa("security_ecc::sign: r=", p_r_sig.data(), p_r_sig.size());
-  p_s_sig.resize(BN_num_bytes(signature->r));
-  ::BN_bn2bin(signature->s, p_s_sig.data());
+  p_s_sig.resize(BN_num_bytes(s));
+  ::BN_bn2bin(s, p_s_sig.data());
   loggers::get_instance().log_to_hexa("security_ecc::sign: s=", p_s_sig.data(), p_s_sig.size());
 
   ::ECDSA_SIG_free(signature);
@@ -745,16 +755,12 @@ int security_ecc::sign_verif(const std::vector<unsigned char>& p_data, const std
   }
 
   // Build the signature
-  BIGNUM r, s;
-  ::BN_init(&r);
-  ::BN_init(&s);
-  ::BN_bin2bn(p_signature.data(), p_signature.size() / 2, &r);
+  BIGNUM* r = ::BN_bin2bn(p_signature.data(), p_signature.size() / 2, nullptr);
   loggers::get_instance().log_to_hexa("security_ecc::sign_verify: r=", p_signature.data(), p_signature.size() / 2);
-  ::BN_bin2bn(p_signature.data() + p_signature.size() / 2, p_signature.size() / 2, &s);
+  BIGNUM* s = ::BN_bin2bn(p_signature.data() + p_signature.size() / 2, p_signature.size() / 2, nullptr);
   loggers::get_instance().log_to_hexa("security_ecc::sign_verify: s=", p_signature.data() + p_signature.size() / 2, p_signature.size() / 2);
   ECDSA_SIG *signature = ECDSA_SIG_new();
-  signature->r = &r;
-  signature->s = &s;
+  ::ECDSA_SIG_set0(signature, r, s);
   // Check the signature
   int result = ::ECDSA_do_verify(p_data.data(), p_data.size(), signature, _ec_key);
   ::ECDSA_SIG_free(signature);

scripts/merge_its_project.bash

@@ -15,7 +15,7 @@ if [ ! -d ${DEST_DIR} ]
 then
 	  exit -1
 else
-	  DEST_DIR=$DEST_DIR/to_be_merged
+	  DEST_DIR=${DEST_DIR}/to_be_merged
 	  if [ -d ${DEST_DIR} ]
 	  then
 	      rm -f ${DEST_DIR}/*
@@ -23,7 +23,7 @@ else
 	          mkdir ${DEST_DIR}
 	  fi
 fi
-
+chmod 775 ${DEST_DIR}
 # Execution path
 RUN_PATH="${0%/*}"
 SRC_ITS_PATH=~/dev/STF525_Its
@@ -254,6 +254,6 @@ do
     rm $i
 done
 
-chmod -R 664 ${DEST_DIR}
+chmod -R 664 ${DEST_DIR}/*
 exit 0
 

ttcn/TestCodec/TestCodec_Certificates.ttcn

@@ -757,9 +757,9 @@ module TestCodec_Certificates {
   } // End of testcase tc_at_certificate_sha256_3
    
   testcase tc_certificate_asn1c_1() runs on TCType system TCType { // CERT_IUT_A_RCA
-    const octetstring c_cert := '8003008100288300000000001874e3808466a8c001012080010780012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d00808082cb6d12f0886798e4c2fac41e92e5cdf6c81682e705e0c2905b5aeaceca5bddae8080424789359de2597ab0d78a17f08acdebb10d31d3f0a25b1362e0b56c1a5080135638e7e68c8bf24a0356e570df6465b980ed52317db89822d099c6e6ee72d39d'O; // CERT_IUT_A_RCA.vkey
+    const octetstring c_cert := '8003008100288300000000001874e3808466a8c001012080010780012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d00808082255b2f2a8468cc17fefcc32475f5a6016b31dc00ed35ade391d3e0f97cc31851808043f48157fbcc16ef4f89886065b60663ce8dddd66ae4e1e3acaacc62450cc8f62908f369b3c282ab3b3485704402499cb506f8cabdf0edcf0ab69c653a48ff0b'O; // CERT_IUT_A_RCA.oer
     var EtsiTs103097Certificate v_cert_dec;
-    var Oct32 v_private_key := 'a005b04678dd9c1fb4f4f99816badd4bda288721c05c5108c4352c24cb539b07'O;
+    var Oct32 v_private_key := 'c234fe6ccbd0dfa6a15a521e52f4e38b595e373d9c61e8d4bf0675d45e8742ea'O; // CERT_IUT_A_RCA.vkey
     var bitstring v_enc_msg := oct2bit(c_cert);
     var integer v_compressedMode;
     var Oct32 v_publicKeyCompressed := int2oct(0, 32);
@@ -888,15 +888,6 @@ module TestCodec_Certificates {
         setverdict(fail, "Decoding failed");
     }
     
-    // Create signature and compare with cprovide one
-    /*v_enc_msg := encvalue(v_cert_exp);
-    v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), v_private_key);
-    if (not(match(v_sig, v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig))) {
-        setverdict(fail, "Signature generation mismatch");
-      } else {
-        setverdict(pass, "Signature generation match");
-    }*/
-    
     if (ischosen(v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
       v_compressedMode := 0;
       v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0;
@@ -904,8 +895,9 @@ module TestCodec_Certificates {
       v_compressedMode := 1;
       v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1;
     }
+    v_enc_msg := encvalue(v_cert_dec.toBeSigned);
     if (f_verifyWithEcdsaNistp256WithSha256(
-                                            c_cert, 
+                                            bit2oct(v_enc_msg), 
                                             int2oct(0, 32),
                                             v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
                                             v_publicKeyCompressed,