Commit 70cf8e50 authored by Yann Garcia's avatar Yann Garcia
Browse files

Add Signature for Brainpool

parent 360e232c
......@@ -306,6 +306,10 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
result = -1;
if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {
result = verify_sign_ecdsa_nistp256(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
} else if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaBrainpoolP256r1Signature)) {
result = verify_sign_ecdsa_brainpoolp256r1(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
} else if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaBrainpoolP384r1Signature)) {
result = verify_sign_ecdsa_brainpoolp384r1(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
} else {
// TODO
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO");
......@@ -908,6 +912,176 @@ int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, con
return -1;
}
int security_services::sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {
loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_brainpoolp256r1: ", p_hash);
std::string certificate_id = p_params[params::certificate];
loggers::get_instance().log("security_services::sign_ecdsa_brainpoolp256r1: encoded certificate_id = '%s'", certificate_id.c_str());
OCTETSTRING pkey;
if (_security_db->get_private_key(certificate_id, pkey) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to get private key");
return -1;
}
// Hash ( Hash (Data input) || Hash (Signer identifier input) )
OCTETSTRING hash_cert;
if (_security_db->get_hash(certificate_id, hash_cert) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to get whole hash certificate");
return -1;
}
loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: hash_issuer: ", hash_cert);
OCTETSTRING os = p_hash + hash_cert; // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: hash: ", os);
OCTETSTRING hashed_data;
hash_sha256(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, pkey);
OCTETSTRING r_sig;
OCTETSTRING s_sig;
if (k.sign(hashed_data, r_sig, s_sig) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to sign payload");
return -1;
}
IEEE1609dot2BaseTypes::EccP256CurvePoint ep;
ep.x__only() = r_sig;
p_signature.ecdsaBrainpoolP256r1Signature() = IEEE1609dot2BaseTypes::EcdsaP256Signature(
ep,
s_sig
);
loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: signature=", p_signature);
return 0;
}
int security_services::verify_sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_brainpoolp256r1:", p_hash);
loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_brainpoolp256r1: %s", p_certificate_id.c_str());
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Failed to get public keys", p_certificate_id.c_str());
return -1;
}
// Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )
OCTETSTRING issuer; // Hash (Signer identifier input)
if (_security_db->get_hash(p_certificate_id, issuer) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());
return -1;
}
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash_issuer: ", issuer);
OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash: ", hash_data);
OCTETSTRING hash_to_be_verified;
hash_sha256(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash_to_be_verified: ", hash_to_be_verified);
// Build the signature
OCTETSTRING signature;
if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_x__only)) {
signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().x__only() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
} else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().compressed__y__0() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
} else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().compressed__y__1() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
} else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().uncompressedP256().x() + p_signature.ecdsaBrainpoolP256r1Signature().rSig().uncompressedP256().y() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
} else {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Invalid curve point", p_certificate_id.c_str());
return -1;
}
security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, public_key_x, public_key_y);
if (k.sign_verif(hash_to_be_verified, signature) == 0) {
return 0;
}
return -1;
}
int security_services::sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {
loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_brainpoolp384r1: ", p_hash);
std::string certificate_id = p_params[params::certificate];
loggers::get_instance().log("security_services::sign_ecdsa_brainpoolp384r1: encoded certificate_id = '%s'", certificate_id.c_str());
OCTETSTRING pkey;
if (_security_db->get_private_key(certificate_id, pkey) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to get private key");
return -1;
}
// Hash ( Hash (Data input) || Hash (Signer identifier input) )
OCTETSTRING hash_cert;
if (_security_db->get_hash(certificate_id, hash_cert) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to get whole hash certificate");
return -1;
}
loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: hash_issuer: ", hash_cert);
OCTETSTRING os = p_hash + hash_cert; // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: hash: ", os);
OCTETSTRING hashed_data;
hash_sha384(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, pkey);
OCTETSTRING r_sig;
OCTETSTRING s_sig;
if (k.sign(hashed_data, r_sig, s_sig) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to sign payload");
return -1;
}
IEEE1609dot2BaseTypes::EccP384CurvePoint ep;
ep.x__only() = r_sig;
p_signature.ecdsaBrainpoolP384r1Signature() = IEEE1609dot2BaseTypes::EcdsaP384Signature(
ep,
s_sig
);
loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: signature=", p_signature);
return 0;
}
int security_services::verify_sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_brainpoolp384r1:", p_hash);
loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_brainpoolp384r1: %s", p_certificate_id.c_str());
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Failed to get public keys", p_certificate_id.c_str());
return -1;
}
// Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )
OCTETSTRING issuer; // Hash (Signer identifier input)
if (_security_db->get_hash(p_certificate_id, issuer) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());
return -1;
}
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash_issuer: ", issuer);
OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash: ", hash_data);
OCTETSTRING hash_to_be_verified;
hash_sha384(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash_to_be_verified: ", hash_to_be_verified);
// Build the signature
OCTETSTRING signature;
if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_x__only)) {
signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().x__only() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
} else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) {
signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().compressed__y__0() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
} else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) {
signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().compressed__y__1() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
} else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) {
signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().uncompressedP384().x() + p_signature.ecdsaBrainpoolP384r1Signature().rSig().uncompressedP384().y() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
} else {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Invalid curve point", p_certificate_id.c_str());
return -1;
}
security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, public_key_x, public_key_y);
if (k.sign_verif(hash_to_be_verified, signature) == 0) {
return 0;
}
return -1;
}
int security_services::extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode) {
loggers::get_instance().log("security_services::extract_verification_keys");
......@@ -1061,7 +1235,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
// const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
// p_certificate_id = converter::get_instance().bytes_to_hexa(v);
p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
p_certificate_id = std::string(static_cast<const char*>(hex2str(oct2hex(hashed_id8))));
// Add it into the cache
OCTETSTRING public_key_x, public_key_y, public_comp_key;
INTEGER public_comp_key_mode;
......@@ -1110,7 +1284,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
// const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
// p_certificate_id = converter::get_instance().bytes_to_hexa(v);
p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
p_certificate_id = std::string(static_cast<const char*>(hex2str(oct2hex(hashed_id8))));
// Add it into the cache
OCTETSTRING public_key_x, public_key_y, public_comp_key;
INTEGER public_comp_key_mode;
......
......@@ -154,7 +154,11 @@ private:
int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
int sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
int sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
int verify_sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
int verify_sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
int extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode);
int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_public_enc_comp_key_mode);
......
......@@ -6,4 +6,4 @@
PCAP_SAVE_PATH=~/tmp
rm $PCAP_SAVE_PATH/capture_*.pcap*
~/frameworks/wireshark-build/run/tshark -ieth1 -V -f"ether proto 0x8947 or udp src port 12345 or udp dst port 12345" -Tfields -eframe.time -eeth.dst -eeth.src -eeth.type -edata -g -w $PCAP_SAVE_PATH/capture_`date +'%Y%m%d'`.pcap -F pcap
~/frameworks/wireshark-build/run/tshark -ieth2 -V -f"ether proto 0x8947 or udp src port 12345 or udp dst port 12345" -Tfields -eframe.time -eeth.dst -eeth.src -eeth.type -edata -g -w $PCAP_SAVE_PATH/capture_`date +'%Y%m%d'`.pcap -F pcap
Subproject commit 5918986b7fd1d70ddb2b8f50055cb65c662552a0
Subproject commit 447a5fff71873728964cd73a7b44b4a2185482df
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment