Commit 68c52bb0 authored by garciay's avatar garciay
Browse files

STF525: Add encryption support in Test System

STF545: Start TestSystem support
parent 12fde3ae
...@@ -361,9 +361,9 @@ namespace LibItsSecurity__Functions ...@@ -361,9 +361,9 @@ namespace LibItsSecurity__Functions
return OCTETSTRING(); return OCTETSTRING();
} }
// 2. Generate and derive shared secret // 2. Generate and derive shared secret
std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX)); std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY)); std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) { if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"); loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(); return OCTETSTRING();
} }
...@@ -450,9 +450,9 @@ namespace LibItsSecurity__Functions ...@@ -450,9 +450,9 @@ namespace LibItsSecurity__Functions
return OCTETSTRING(); return OCTETSTRING();
} }
// 2. Generate and derive shared secret // 2. Generate and derive shared secret
std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX)); std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY)); std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) { if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key"); loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(); return OCTETSTRING();
} }
......
// This Test Port skeleton source file was generated by the
// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
// Copyright Ericsson Telecom AB 2000-2014
// You may modify this file. Complete the body of empty functions and
// add your member functions here.
#include "PkiPort.hh"
namespace LibItsPki__TestSystem {
PkiPort::PkiPort(const char *par_port_name)
: PkiPort_BASE(par_port_name)
{
}
PkiPort::~PkiPort()
{
}
void PkiPort::set_parameter(const char * /*parameter_name*/,
const char * /*parameter_value*/)
{
}
/*void PkiPort::Handle_Fd_Event(int fd, boolean is_readable,
boolean is_writable, boolean is_error) {}*/
void PkiPort::Handle_Fd_Event_Error(int /*fd*/)
{
}
void PkiPort::Handle_Fd_Event_Writable(int /*fd*/)
{
}
void PkiPort::Handle_Fd_Event_Readable(int /*fd*/)
{
}
/*void PkiPort::Handle_Timeout(double time_since_last_call) {}*/
void PkiPort::user_map(const char * /*system_port*/)
{
}
void PkiPort::user_unmap(const char * /*system_port*/)
{
}
void PkiPort::user_start()
{
}
void PkiPort::user_stop()
{
}
void PkiPort::outgoing_send(const LibItsPki__TestSystem::PkiReq& /*send_par*/)
{
}
} /* end of namespace */
// This Test Port skeleton header file was generated by the
// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
// Copyright Ericsson Telecom AB 2000-2014
// You may modify this file. Add your attributes and prototypes of your
// member functions here.
#ifndef PkiPort_HH
#define PkiPort_HH
#include "LibItsPki_TestSystem.hh"
namespace LibItsPki__TestSystem {
class PkiPort : public PkiPort_BASE {
public:
PkiPort(const char *par_port_name = NULL);
~PkiPort();
void set_parameter(const char *parameter_name,
const char *parameter_value);
private:
/* void Handle_Fd_Event(int fd, boolean is_readable,
boolean is_writable, boolean is_error); */
void Handle_Fd_Event_Error(int fd);
void Handle_Fd_Event_Writable(int fd);
void Handle_Fd_Event_Readable(int fd);
/* void Handle_Timeout(double time_since_last_call); */
protected:
void user_map(const char *system_port);
void user_unmap(const char *system_port);
void user_start();
void user_stop();
void outgoing_send(const LibItsPki__TestSystem::PkiReq& send_par);
};
} /* end of namespace */
#endif
...@@ -85,19 +85,21 @@ void ConfigRsuSimulatorLayer::receive_data(OCTETSTRING& data, Params& params) ...@@ -85,19 +85,21 @@ void ConfigRsuSimulatorLayer::receive_data(OCTETSTRING& data, Params& params)
unsigned char id = *(static_cast<const unsigned char*>(data)); unsigned char id = *(static_cast<const unsigned char*>(data));
if (id == 0x00) { // Receive an UtxxInitialise if (id == 0x00) { // Receive an UtxxInitialise
process_data(data, params); process_utinitialize_data(data, params);
} else if (id == 0x00) { // Receive an UtCamChangeSpeed
process_ut_cam_changespeed_data(data, params);
} else { } else {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::receive_data: Unsupported tag %02x", id); loggers::get_instance().warning("ConfigRsuSimulatorLayer::receive_data: Unsupported tag %02x", id);
} }
} }
int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) { int ConfigRsuSimulatorLayer::process_utinitialize_data(OCTETSTRING& data, Params& params) {
loggers::get_instance().log("ConfigRsuSimulatorLayer::process_data"); loggers::get_instance().log("ConfigRsuSimulatorLayer::process_utinitialize_data");
Params::const_iterator it = _params.find("ut"); Params::const_iterator it = _params.find("ut");
if (it == _params.cend()) { if (it == _params.cend()) {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: CF layer's ut parameter is missing"); loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: CF layer's ut parameter is missing");
return -1; return -1;
} }
...@@ -117,7 +119,30 @@ int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) { ...@@ -117,7 +119,30 @@ int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
// Pass it to the ports if any // Pass it to the ports if any
to_all_upper_ports(p, params); to_all_upper_ports(p, params);
} else { } else {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: Unsupported protocol"); loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: Unsupported protocol");
return -1;
}
return 0;
}
int ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params) {
loggers::get_instance().log("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data");
Params::const_iterator it = _params.find("ut");
if (it == _params.cend()) {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: CF layer's ut parameter is missing");
return -1;
}
if (_params[std::string("ut")].compare("cam") == 0) {
OCTETSTRING speed(data.lengthof() - 1, 1 + static_cast<const unsigned char*>(data));
LibItsCam__TypesAndValues::UtCamTrigger p;
p.changeSpeed() = oct2int(speed);
// Pass it to the ports if any
to_all_upper_ports(p, params);
} else {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: Unsupported protocol");
return -1; return -1;
} }
......
...@@ -40,6 +40,7 @@ public: ...@@ -40,6 +40,7 @@ public:
virtual void receive_data(OCTETSTRING& data, Params& params); virtual void receive_data(OCTETSTRING& data, Params& params);
private: private:
int process_data(OCTETSTRING& data, Params& params); int process_utinitialize_data(OCTETSTRING& data, Params& params);
int process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params);
}; // End of class ConfigRsuSimulatorLayer }; // End of class ConfigRsuSimulatorLayer
...@@ -163,6 +163,16 @@ namespace ItsRSUsSimulator__TestSystem { ...@@ -163,6 +163,16 @@ namespace ItsRSUsSimulator__TestSystem {
incoming_message(p_ind); incoming_message(p_ind);
} }
void ConfigRsuSimulatorPort::receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params) {
loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
// Sanity check
if (!p_ind.is_bound()) {
return;
}
incoming_message(p_ind);
}
void ConfigRsuSimulatorPort::receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params) { void ConfigRsuSimulatorPort::receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params) {
loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind); loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
// Sanity check // Sanity check
......
...@@ -21,6 +21,7 @@ namespace ItsRSUsSimulator__TestSystem { ...@@ -21,6 +21,7 @@ namespace ItsRSUsSimulator__TestSystem {
void receiveMsg (const BOOLEAN& p_ind, const Params& p_params); void receiveMsg (const BOOLEAN& p_ind, const Params& p_params);
void receiveMsg (const LibItsGeoNetworking__TypesAndValues::UtGnInitialize& p_ind, const Params& p_params); void receiveMsg (const LibItsGeoNetworking__TypesAndValues::UtGnInitialize& p_ind, const Params& p_params);
void receiveMsg (const LibItsCam__TypesAndValues::UtCamInitialize& p_ind, const Params& p_params); void receiveMsg (const LibItsCam__TypesAndValues::UtCamInitialize& p_ind, const Params& p_params);
void receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params);
void receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params); void receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params);
/*void send(const CfInitialize& send_par, const COMPONENT& destination_component); /*void send(const CfInitialize& send_par, const COMPONENT& destination_component);
......
...@@ -74,10 +74,14 @@ geonetworking_layer::geonetworking_layer(const std::string & p_type, const std:: ...@@ -74,10 +74,14 @@ geonetworking_layer::geonetworking_layer(const std::string & p_type, const std::
it = _params.find(Params::secured_mode); it = _params.find(Params::secured_mode);
if (it != _params.cend()) { if (it != _params.cend()) {
_secured_mode = (1 == converter::get_instance().string_to_int(it->second)); _secured_mode = (1 == converter::get_instance().string_to_int(it->second));
} else {
_params.insert(std::pair<std::string, std::string>(std::string("secured_mode"), "0"));
} }
it = _params.find(Params::encrypted_mode); it = _params.find(Params::encrypted_mode);
if (it != _params.cend()) { if (it != _params.cend()) {
_encrypted_mode = (1 == converter::get_instance().string_to_int(it->second)); _encrypted_mode = (1 == converter::get_instance().string_to_int(it->second));
} else {
_params.insert(std::pair<std::string, std::string>(std::string("encrypted_mode"), "0"));
} }
it = _params.find(Params::enable_security_checks); it = _params.find(Params::enable_security_checks);
if (it != _params.cend()) { if (it != _params.cend()) {
...@@ -991,7 +995,7 @@ int geonetworking_layer::build_secured_pdu(OCTETSTRING& data, Params& params) { ...@@ -991,7 +995,7 @@ int geonetworking_layer::build_secured_pdu(OCTETSTRING& data, Params& params) {
return -1; return -1;
} }
// Encode the basid header // Encode the basic header
//loggers::get_instance().log_msg("geonetworking_layer::build_secured_pdu: New basic_header = ", basic_header); //loggers::get_instance().log_msg("geonetworking_layer::build_secured_pdu: New basic_header = ", basic_header);
RAW_enc_tr_pos rp; RAW_enc_tr_pos rp;
rp.level=0; rp.level=0;
......
...@@ -26,7 +26,8 @@ security_services::security_services() : _setup_done{false}, _ec_keys_enc(nullpt ...@@ -26,7 +26,8 @@ security_services::security_services() : _setup_done{false}, _ec_keys_enc(nullpt
int security_services::setup(Params& p_params) { // FIXME Rename this method int security_services::setup(Params& p_params) { // FIXME Rename this method
loggers::get_instance().log(">>> security_services::setup"); loggers::get_instance().log(">>> security_services::setup");
p_params.log(); _params = p_params;
_params.log();
if (_setup_done) { if (_setup_done) {
loggers::get_instance().warning("security_services::setup: Already done"); loggers::get_instance().warning("security_services::setup: Already done");
...@@ -34,29 +35,29 @@ int security_services::setup(Params& p_params) { // FIXME Rename this method ...@@ -34,29 +35,29 @@ int security_services::setup(Params& p_params) { // FIXME Rename this method
} }
_setup_done = true; _setup_done = true;
_security_db.reset(new security_db(p_params[Params::sec_db_path])); // Build the certificate caching
_security_db.reset(new security_db(_params[Params::sec_db_path]));
if (_security_db.get() == nullptr) { // Memory allocation issue if (_security_db.get() == nullptr) { // Memory allocation issue
loggers::get_instance().warning("security_services::setup: _security_db pointer is NULL"); loggers::get_instance().warning("security_services::setup: _security_db pointer is NULL");
return -1; return -1;
} }
// Setup encryption instance // Initialise encryption mechanism
// std::string certificate_id = p_params[Params::certificate]; if (_params[Params::encrypted_mode].compare("1") == 0) {
// OCTETSTRING os; Params::const_iterator it = _params.find(Params::cypher);
// _security_db.get()->get_private_enc_key(certificate_id, os); if (it == _params.cend()) {
// std::vector<unsigned char> pri_enc_key(static_cast<const unsigned char*>(os), os.lengthof() + static_cast<const unsigned char*>(os)); _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
Params::const_iterator it = p_params.find(Params::cypher); _params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
if (it == p_params.cend()) { p_params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256)); } else if (it->second.compare("NISTP-256")) {
} else if (it->second.compare("NISTP-256")) { _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256)); } else if (it->second.compare("BP-256")) {
} else if (it->second.compare("BP-256")) { _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1)); } else {
} else { loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData"); return -1;
return -1; }
} }
return 0; return 0;
} }
...@@ -161,6 +162,24 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si ...@@ -161,6 +162,24 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
} }
} }
} }
// Check encryption keys if present
if (header_info.encryptionKey().is_present()) {
// TODO
}
// Check request certificate
if (header_info.inlineP2pcdRequest().is_present()) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: inlineP2pcdRequest not supported yet");
// TODO
}
// Check requested certificate
if (header_info.requestedCertificate().is_present()) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: requestedCertificate not supported yet");
// TODO
}
// Check and extract unsecured payload // Check and extract unsecured payload
if (p_signed_data.tbsData().payload().data().is_present()) { if (p_signed_data.tbsData().payload().data().is_present()) {
// Check protocol version // Check protocol version
...@@ -364,7 +383,31 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si ...@@ -364,7 +383,31 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params) { int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::process_ieee_1609_dot2_encrypted_data: ", p_encrypted_data); loggers::get_instance().log_msg(">>> security_services::process_ieee_1609_dot2_encrypted_data: ", p_encrypted_data);
//loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
if (_params[Params::cypher].compare("NISTP-256") == 0) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
} else if (_params[Params::cypher].compare("BP-256") == 0) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
} else {
loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
return -1;
}
// 1. Retrieve recipient's public keys
// OCTETSTRING recipients_key_x;
// OCTETSTRING recipients_key_y;
// if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
// return -1;
// }
loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
return -1; return -1;
} // End of method process_ieee_1609_dot2_encrypted_data } // End of method process_ieee_1609_dot2_encrypted_data
...@@ -379,8 +422,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo ...@@ -379,8 +422,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
return -1; return -1;
} }
Params::const_iterator it = p_params.find(Params::encrypted_mode); if (_params[Params::encrypted_mode].compare("1") == 0) {
if (it != p_params.cend()) {
if (encrypt_gn_payload(signed_payload, p_secured_gn_payload, p_params) != 0) { if (encrypt_gn_payload(signed_payload, p_secured_gn_payload, p_params) != 0) {
p_secured_gn_payload = signed_payload; p_secured_gn_payload = signed_payload;
loggers::get_instance().warning("security_services::secure_gn_payload: Failed to encrypt payload"); loggers::get_instance().warning("security_services::secure_gn_payload: Failed to encrypt payload");
...@@ -417,7 +459,12 @@ int security_services::sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload ...@@ -417,7 +459,12 @@ int security_services::sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload
header_info.generationLocation().set_to_omit(); header_info.generationLocation().set_to_omit();
header_info.p2pcdLearningRequest().set_to_omit(); header_info.p2pcdLearningRequest().set_to_omit();
header_info.missingCrlIdentifier().set_to_omit(); header_info.missingCrlIdentifier().set_to_omit();
header_info.encryptionKey().set_to_omit(); if (_params[Params::encrypted_mode].compare("1") == 0) {
// TODO Set the encrytion key
header_info.encryptionKey().set_to_omit();
} else {
header_info.encryptionKey().set_to_omit();
}
Params::const_iterator it = p_params.find(Params::payload_type); Params::const_iterator it = p_params.find(Params::payload_type);
if (it != p_params.cend()) { if (it != p_params.cend()) {
loggers::get_instance().log("security_services::sign_gn_payload: Payload type: %s", it->second.c_str()); loggers::get_instance().log("security_services::sign_gn_payload: Payload type: %s", it->second.c_str());
...@@ -511,15 +558,58 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl ...@@ -511,15 +558,58 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
loggers::get_instance().log_msg(">>> security_services::encrypt_gn_payload: ", p_unsecured_gn_payload); loggers::get_instance().log_msg(">>> security_services::encrypt_gn_payload: ", p_unsecured_gn_payload);
// Sanity checks // Sanity checks
if (_ec_keys_enc.get() == nullptr) { // if (_ec_keys_enc.get() == nullptr) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised"); // loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
// return -1;
// }
// 1. Retrieve recipient's public keys
// OCTETSTRING recipients_key_x;
// OCTETSTRING recipients_key_y;
// if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
// return -1;
// }
// 2. Generate new ephemeral Private/Public keys
if (_ec_keys_enc.get()->generate() == -1) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate ephemeral keys");
return -1; return -1;
} }
// 3. Generate and derive shared secret
// std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(recipients_key_x), recipients_key_x.lengthof() + static_cast<const unsigned char *>(recipients_key_x));
// std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(recipients_key_y), recipients_key_y.lengthof() + static_cast<const unsigned char *>(recipients_key_y));
// if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate and derive secret key");
// return -1;
// }
// AES-128 encryption of the data // AES-128 encryption of the data
std::vector<unsigned char> message(static_cast<const unsigned char*>(p_unsecured_gn_payload), p_unsecured_gn_payload.lengthof() + static_cast<const unsigned char*>(p_unsecured_gn_payload)); std::vector<unsigned char> message(static_cast<const unsigned char*>(p_unsecured_gn_payload), p_unsecured_gn_payload.lengthof() + static_cast<const unsigned char*>(p_unsecured_gn_payload));
std::vector<unsigned char> enc_message; std::vector<unsigned char> enc_message;
_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message); if (_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message) == -1) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to encrypt message");
return -1;
}
// _ec_keys_enc object contains the key, the none and the tag // _ec_keys_enc object contains the key, the none and the tag
OCTETSTRING nonce = OCTETSTRING(_ec_keys_enc.get()->nonce().size(), _ec_keys_enc.get()->nonce().data()); OCTETSTRING nonce = OCTETSTRING(_ec_keys_enc.get()->nonce().size(), _ec_keys_enc.get()->nonce().data());
OCTETSTRING tag = OCTETSTRING(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data()); OCTETSTRING tag = OCTETSTRING(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data());
...@@ -534,7 +624,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl ...@@ -534,7 +624,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
std::string certificate_id = p_params[Params::certificate]; std::string certificate_id = p_params[Params::certificate];
OCTETSTRING recipient_id; OCTETSTRING recipient_id;
_security_db.get()->get_hashed_id(certificate_id, recipient_id); // SHA-256 of the certificate which contain the encryption private/public keys _security_db.get()->get_hashed_id(certificate_id, recipient_id); // SHA-256 of the certificate which contain the encryption private/public keys
// TODO Encryt the AES-128 key // TODO Encrypt the AES-128 key
OCTETSTRING public_enc_key_x; OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y; OCTETSTRING public_enc_key_y;
......
...@@ -37,6 +37,8 @@ class security_services { ...@@ -37,6 +37,8 @@ class security_services {
* \brief Unique static object reference of this class * \brief Unique static object reference of this class
*/