Loading README.md +12 −0 Original line number Diff line number Diff line Loading @@ -262,6 +262,18 @@ $ make - After the build, binaries are located in ~/frameworks/wireshark-build/run folder - To distinguish this version of Wireshark from the others, a development tag 'ETSI ITS Protocols' is displayed on the GUI version - You have to provide also the following link to indicate the location of the new built plugins ```sh $ sudo ln -sf /home/vagrant/frameworks/wireshark-build/run/plugins/2.9 /usr/local/lib/wireshark/plugins/2.9 ``` The following instructions enable the verify signature in real time. Note: The verify signature can be done only if the certificate in include in the message - In the Wireshak menu Edit/Preferences, select Protocols in the list on the left - Search for 'ETSI ITS GeoNetworking' protocol - Check the option 'Attempt to verify signatures - Click on OK to validate your choice ## How to Report a Bug Loading ccsrc/Externals/LibItsSecurity_externals.cc +58 −35 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ namespace LibItsSecurity__Functions /** * \fn OCTETSTRING fx__signWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__privateKey The private key Loading Loading @@ -119,6 +119,13 @@ namespace LibItsSecurity__Functions return OCTETSTRING(0, nullptr); } /** * \fn OCTETSTRING fx__signWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on raw data * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__privateKey The private key * \return The signature value */ OCTETSTRING fx__test__signWithEcdsaNistp256WithSha256( const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey Loading Loading @@ -154,7 +161,7 @@ namespace LibItsSecurity__Functions /** * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__privateKey The private key Loading Loading @@ -204,7 +211,7 @@ namespace LibItsSecurity__Functions /** * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__privateKey The private key Loading Loading @@ -254,7 +261,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyCompressed); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading Loading @@ -299,6 +306,14 @@ namespace LibItsSecurity__Functions return FALSE; } /** * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__ecdsaNistp256PublicKeyCompressed); * \brief Verify the signature of the specified data based on raw data * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__signature The signature * \param[in] p__ecdsaNistp256PublicKeyCompressed The compressed public key (x coordinate only) * \return true on success, false otherwise */ BOOLEAN fx__test__verifyWithEcdsaNistp256WithSha256( const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, Loading Loading @@ -327,7 +342,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyX, const OCTETSTRING& p__ecdsaNistp256PublicKeyY); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading @@ -343,7 +358,7 @@ namespace LibItsSecurity__Functions const OCTETSTRING& p__ecdsaNistp256PublicKeyY ) { // Sanity checks if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64)) { if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64) || (p__ecdsaNistp256PublicKeyX.lengthof() != 32) || (p__ecdsaNistp256PublicKeyY.lengthof() != 32)) { loggers::get_instance().log("fx__verifyWithEcdsaNistp256WithSha256__1: Wrong parameters"); return FALSE; } Loading Loading @@ -376,7 +391,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyCompressed); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading Loading @@ -423,7 +438,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading @@ -439,7 +454,7 @@ namespace LibItsSecurity__Functions const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY ) { // Sanity checks if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64)) { if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64) || (p__ecdsaBrainpoolp256PublicKeyX.lengthof() != 32) || (p__ecdsaBrainpoolp256PublicKeyY.lengthof() != 32)) { loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Wrong parameters"); return FALSE; } Loading Loading @@ -471,7 +486,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyCompressed); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading Loading @@ -518,7 +533,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading @@ -534,7 +549,7 @@ namespace LibItsSecurity__Functions const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY ) { // Sanity checks if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96)) { if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96) || (p__ecdsaBrainpoolp384PublicKeyX.lengthof() != 48) || (p__ecdsaBrainpoolp384PublicKeyY.lengthof() != 48)) { loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp384WithSha384__1: Wrong parameters"); return FALSE; } Loading Loading @@ -565,91 +580,99 @@ namespace LibItsSecurity__Functions } /** * \fn OCTETSTRING fx__test__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m); * \fn OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m); * \brief Generate a HMAC-SHA256 value based on the provided secret key * \param[in] p__k The secret key used for the HMAC calculation * \param[in] p__m The message * \return The HMAC value resized to 16-byte */ OCTETSTRING fx__test__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { loggers::get_instance().log(">>> fx__test__hmac__sha256"); OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { loggers::get_instance().log(">>> fx__hmac__sha256"); hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm OCTETSTRING t; if (h.generate(p__m, p__k, t) == -1) { loggers::get_instance().warning("fx__test__hmac__sha256: Failed to generate HMAC"); loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC"); return OCTETSTRING(0, nullptr); } loggers::get_instance().log_msg("fx__test__hmac__sha256: HMAC: ", t); loggers::get_instance().log_msg("fx__hmac__sha256: HMAC: ", t); return t; } /** * \fn OCTETSTRING fx__test__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt); * \fn OCTETSTRING fx__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt); * \brief Encrypt the message using AES 128 CCM algorithm * \param[in] p__k The symmetric encryption key * \param[in] p__n The initial vector, nonce vector * \param[in] p__pt The message to encrypt * \return The encrypted message concatenated to the AES 128 CCM tag */ OCTETSTRING fx__test__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__test__encrypt__aes__128__ccm__test"); OCTETSTRING fx__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__encrypt__aes__128__ccm__test"); security_ecc ec(ec_elliptic_curves::nist_p_256); OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, p__pt, enc_message) == -1) { loggers::get_instance().warning("fx__test__encrypt__aes__128__ccm__test: Failed to encrypt message"); loggers::get_instance().warning("fx__encrypt__aes__128__ccm__test: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } OCTETSTRING os(enc_message + ec.tag()); loggers::get_instance().log_msg("fx__test__encrypt__aes__128__ccm__test: encrypted message: ", os); loggers::get_instance().log_msg("fx__encrypt__aes__128__ccm__test: encrypted message: ", os); return os; } OCTETSTRING fx__test__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__test__encrypt__aes__128__gcm__test"); /** * \fn OCTETSTRING fx__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt); * \brief Encrypt the message using AES 128 GCM algorithm * \param[in] p__k The symmetric encryption key * \param[in] p__n The initial vector, nonce vector * \param[in] p__pt The message to encrypt * \return The encrypted message concatenated to the AES 128 CCM tag */ OCTETSTRING fx__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__encrypt__aes__128__gcm__test"); security_ecc ec(ec_elliptic_curves::nist_p_256); OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_gcm, p__k, p__n, p__pt, enc_message) == -1) { loggers::get_instance().warning("fx__test__encrypt__aes__128__gcm__test: Failed to encrypt message"); loggers::get_instance().warning("fx__encrypt__aes__128__gcm__test: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } OCTETSTRING os(enc_message + ec.tag()); loggers::get_instance().log_msg("fx__test__encrypt__aes__128__gcm__test: encrypted message: ", os); loggers::get_instance().log_msg("fx__encrypt__aes__128__gcm__test: encrypted message: ", os); return os; } /** * \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct); * \fn OCTETSTRING fx__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct); * \brief Encrypt the message using AES 128 CCM algorithm * \param[in] p__k The symmetric encryption key * \param[in] p__n The initial vector, nonce vector * \param[in] p__ct The encrypted message concatenated to the AES 128 CCM tag * \return The original message */ OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct) { loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__k: ", p__k); loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__n: ", p__n); loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__ct: ", p__ct); OCTETSTRING fx__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct) { loggers::get_instance().log_msg(">>> fx__decrypt__aes__128__ccm__test: p__k: ", p__k); loggers::get_instance().log_msg(">>> fx__decrypt__aes__128__ccm__test: p__n: ", p__n); loggers::get_instance().log_msg(">>> fx__decrypt__aes__128__ccm__test: p__ct: ", p__ct); security_ecc ec(ec_elliptic_curves::nist_p_256); // Extract the tag OCTETSTRING tag(16, p__ct.lengthof() - 16 + static_cast<const unsigned char*>(p__ct)); loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: tag: ", tag); loggers::get_instance().log_msg("fx__decrypt__aes__128__ccm__test: tag: ", tag); // Remove the tag from the end of the encrypted message OCTETSTRING ct(p__ct.lengthof() - 16, static_cast<const unsigned char*>(p__ct)); loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: ct: ", ct); loggers::get_instance().log_msg("fx__decrypt__aes__128__ccm__test: ct: ", ct); OCTETSTRING message; if (ec.decrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, tag, ct, message) == -1) { loggers::get_instance().warning("fx__test__decrypt__aes__128__ccm__test: Failed to decrypt message"); loggers::get_instance().warning("fx__decrypt__aes__128__ccm__test: Failed to decrypt message"); return OCTETSTRING(0, nullptr); } loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: decrypted message: ", message); loggers::get_instance().log_to_hexa("fx__decrypt__aes__128__ccm__test: decrypted message: ", message); return message; } Loading etc/AtsPki/AtsPki.cfg +2 −2 Original line number Diff line number Diff line Loading @@ -127,8 +127,8 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)" [EXECUTE] #ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01 #ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01 ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02 ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05 Loading etc/TestCodec/TestCodec.cfg +0 −1 Original line number Diff line number Diff line Loading @@ -351,7 +351,6 @@ TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_4 #TestCodec_Pki.tc_decode_inner_ec_response_1 #TestCodec_Pki.tc_inner_ec_request_1 #TestCodec_Pki.tc_inner_ec_request_2 #TestCodec_Pki.tc_inner_ec_request_3 #TestCodec_Pki.tc_inner_ec_response_1 #TestCodec_Pki.tc_inner_ec_response_2 #TestCodec_Pki.tc_inner_ec_response_3 Loading ttcn/AtsPki/ItsPki_TestCases.ttcn +124 −313 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
README.md +12 −0 Original line number Diff line number Diff line Loading @@ -262,6 +262,18 @@ $ make - After the build, binaries are located in ~/frameworks/wireshark-build/run folder - To distinguish this version of Wireshark from the others, a development tag 'ETSI ITS Protocols' is displayed on the GUI version - You have to provide also the following link to indicate the location of the new built plugins ```sh $ sudo ln -sf /home/vagrant/frameworks/wireshark-build/run/plugins/2.9 /usr/local/lib/wireshark/plugins/2.9 ``` The following instructions enable the verify signature in real time. Note: The verify signature can be done only if the certificate in include in the message - In the Wireshak menu Edit/Preferences, select Protocols in the list on the left - Search for 'ETSI ITS GeoNetworking' protocol - Check the option 'Attempt to verify signatures - Click on OK to validate your choice ## How to Report a Bug Loading
ccsrc/Externals/LibItsSecurity_externals.cc +58 −35 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ namespace LibItsSecurity__Functions /** * \fn OCTETSTRING fx__signWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__privateKey The private key Loading Loading @@ -119,6 +119,13 @@ namespace LibItsSecurity__Functions return OCTETSTRING(0, nullptr); } /** * \fn OCTETSTRING fx__signWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on raw data * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__privateKey The private key * \return The signature value */ OCTETSTRING fx__test__signWithEcdsaNistp256WithSha256( const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey Loading Loading @@ -154,7 +161,7 @@ namespace LibItsSecurity__Functions /** * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__privateKey The private key Loading Loading @@ -204,7 +211,7 @@ namespace LibItsSecurity__Functions /** * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey); * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * \param[in] p__toBeSignedSecuredMessage The data to be signed * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__privateKey The private key Loading Loading @@ -254,7 +261,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyCompressed); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading Loading @@ -299,6 +306,14 @@ namespace LibItsSecurity__Functions return FALSE; } /** * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__ecdsaNistp256PublicKeyCompressed); * \brief Verify the signature of the specified data based on raw data * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__signature The signature * \param[in] p__ecdsaNistp256PublicKeyCompressed The compressed public key (x coordinate only) * \return true on success, false otherwise */ BOOLEAN fx__test__verifyWithEcdsaNistp256WithSha256( const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, Loading Loading @@ -327,7 +342,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyX, const OCTETSTRING& p__ecdsaNistp256PublicKeyY); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading @@ -343,7 +358,7 @@ namespace LibItsSecurity__Functions const OCTETSTRING& p__ecdsaNistp256PublicKeyY ) { // Sanity checks if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64)) { if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64) || (p__ecdsaNistp256PublicKeyX.lengthof() != 32) || (p__ecdsaNistp256PublicKeyY.lengthof() != 32)) { loggers::get_instance().log("fx__verifyWithEcdsaNistp256WithSha256__1: Wrong parameters"); return FALSE; } Loading Loading @@ -376,7 +391,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyCompressed); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading Loading @@ -423,7 +438,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading @@ -439,7 +454,7 @@ namespace LibItsSecurity__Functions const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY ) { // Sanity checks if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64)) { if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64) || (p__ecdsaBrainpoolp256PublicKeyX.lengthof() != 32) || (p__ecdsaBrainpoolp256PublicKeyY.lengthof() != 32)) { loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Wrong parameters"); return FALSE; } Loading Loading @@ -471,7 +486,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyCompressed); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading Loading @@ -518,7 +533,7 @@ namespace LibItsSecurity__Functions /** * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY); * \brief Verify the signature of the specified data * \brief Verify the signature of the specified data based on standard IEEE 1609.2 * \param[in] p__toBeVerifiedData The data to be verified * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate * \param[in] p__signature The signature Loading @@ -534,7 +549,7 @@ namespace LibItsSecurity__Functions const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY ) { // Sanity checks if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96)) { if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96) || (p__ecdsaBrainpoolp384PublicKeyX.lengthof() != 48) || (p__ecdsaBrainpoolp384PublicKeyY.lengthof() != 48)) { loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp384WithSha384__1: Wrong parameters"); return FALSE; } Loading Loading @@ -565,91 +580,99 @@ namespace LibItsSecurity__Functions } /** * \fn OCTETSTRING fx__test__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m); * \fn OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m); * \brief Generate a HMAC-SHA256 value based on the provided secret key * \param[in] p__k The secret key used for the HMAC calculation * \param[in] p__m The message * \return The HMAC value resized to 16-byte */ OCTETSTRING fx__test__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { loggers::get_instance().log(">>> fx__test__hmac__sha256"); OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { loggers::get_instance().log(">>> fx__hmac__sha256"); hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm OCTETSTRING t; if (h.generate(p__m, p__k, t) == -1) { loggers::get_instance().warning("fx__test__hmac__sha256: Failed to generate HMAC"); loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC"); return OCTETSTRING(0, nullptr); } loggers::get_instance().log_msg("fx__test__hmac__sha256: HMAC: ", t); loggers::get_instance().log_msg("fx__hmac__sha256: HMAC: ", t); return t; } /** * \fn OCTETSTRING fx__test__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt); * \fn OCTETSTRING fx__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt); * \brief Encrypt the message using AES 128 CCM algorithm * \param[in] p__k The symmetric encryption key * \param[in] p__n The initial vector, nonce vector * \param[in] p__pt The message to encrypt * \return The encrypted message concatenated to the AES 128 CCM tag */ OCTETSTRING fx__test__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__test__encrypt__aes__128__ccm__test"); OCTETSTRING fx__encrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__encrypt__aes__128__ccm__test"); security_ecc ec(ec_elliptic_curves::nist_p_256); OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, p__pt, enc_message) == -1) { loggers::get_instance().warning("fx__test__encrypt__aes__128__ccm__test: Failed to encrypt message"); loggers::get_instance().warning("fx__encrypt__aes__128__ccm__test: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } OCTETSTRING os(enc_message + ec.tag()); loggers::get_instance().log_msg("fx__test__encrypt__aes__128__ccm__test: encrypted message: ", os); loggers::get_instance().log_msg("fx__encrypt__aes__128__ccm__test: encrypted message: ", os); return os; } OCTETSTRING fx__test__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__test__encrypt__aes__128__gcm__test"); /** * \fn OCTETSTRING fx__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt); * \brief Encrypt the message using AES 128 GCM algorithm * \param[in] p__k The symmetric encryption key * \param[in] p__n The initial vector, nonce vector * \param[in] p__pt The message to encrypt * \return The encrypted message concatenated to the AES 128 CCM tag */ OCTETSTRING fx__encrypt__aes__128__gcm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__pt) { loggers::get_instance().log(">>> fx__encrypt__aes__128__gcm__test"); security_ecc ec(ec_elliptic_curves::nist_p_256); OCTETSTRING enc_message; if (ec.encrypt(encryption_algotithm::aes_128_gcm, p__k, p__n, p__pt, enc_message) == -1) { loggers::get_instance().warning("fx__test__encrypt__aes__128__gcm__test: Failed to encrypt message"); loggers::get_instance().warning("fx__encrypt__aes__128__gcm__test: Failed to encrypt message"); return OCTETSTRING(0, nullptr); } OCTETSTRING os(enc_message + ec.tag()); loggers::get_instance().log_msg("fx__test__encrypt__aes__128__gcm__test: encrypted message: ", os); loggers::get_instance().log_msg("fx__encrypt__aes__128__gcm__test: encrypted message: ", os); return os; } /** * \fn OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct); * \fn OCTETSTRING fx__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct); * \brief Encrypt the message using AES 128 CCM algorithm * \param[in] p__k The symmetric encryption key * \param[in] p__n The initial vector, nonce vector * \param[in] p__ct The encrypted message concatenated to the AES 128 CCM tag * \return The original message */ OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct) { loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__k: ", p__k); loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__n: ", p__n); loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__ct: ", p__ct); OCTETSTRING fx__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct) { loggers::get_instance().log_msg(">>> fx__decrypt__aes__128__ccm__test: p__k: ", p__k); loggers::get_instance().log_msg(">>> fx__decrypt__aes__128__ccm__test: p__n: ", p__n); loggers::get_instance().log_msg(">>> fx__decrypt__aes__128__ccm__test: p__ct: ", p__ct); security_ecc ec(ec_elliptic_curves::nist_p_256); // Extract the tag OCTETSTRING tag(16, p__ct.lengthof() - 16 + static_cast<const unsigned char*>(p__ct)); loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: tag: ", tag); loggers::get_instance().log_msg("fx__decrypt__aes__128__ccm__test: tag: ", tag); // Remove the tag from the end of the encrypted message OCTETSTRING ct(p__ct.lengthof() - 16, static_cast<const unsigned char*>(p__ct)); loggers::get_instance().log_msg("fx__test__decrypt__aes__128__ccm__test: ct: ", ct); loggers::get_instance().log_msg("fx__decrypt__aes__128__ccm__test: ct: ", ct); OCTETSTRING message; if (ec.decrypt(encryption_algotithm::aes_128_ccm, p__k, p__n, tag, ct, message) == -1) { loggers::get_instance().warning("fx__test__decrypt__aes__128__ccm__test: Failed to decrypt message"); loggers::get_instance().warning("fx__decrypt__aes__128__ccm__test: Failed to decrypt message"); return OCTETSTRING(0, nullptr); } loggers::get_instance().log_to_hexa("fx__test__decrypt__aes__128__ccm__test: decrypted message: ", message); loggers::get_instance().log_to_hexa("fx__decrypt__aes__128__ccm__test: decrypted message: ", message); return message; } Loading
etc/AtsPki/AtsPki.cfg +2 −2 Original line number Diff line number Diff line Loading @@ -127,8 +127,8 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)" [EXECUTE] #ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01 #ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01 ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02 ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05 Loading
etc/TestCodec/TestCodec.cfg +0 −1 Original line number Diff line number Diff line Loading @@ -351,7 +351,6 @@ TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaNistp256WithSha256_4 #TestCodec_Pki.tc_decode_inner_ec_response_1 #TestCodec_Pki.tc_inner_ec_request_1 #TestCodec_Pki.tc_inner_ec_request_2 #TestCodec_Pki.tc_inner_ec_request_3 #TestCodec_Pki.tc_inner_ec_response_1 #TestCodec_Pki.tc_inner_ec_response_2 #TestCodec_Pki.tc_inner_ec_response_3 Loading
ttcn/AtsPki/ItsPki_TestCases.ttcn +124 −313 File changed.Preview size limit exceeded, changes collapsed. Show changes
