Add Signature for Brainpool

70cf8e50 · Yann Garcia · 360e232c · 70cf8e50 · 70cf8e50 · 70cf8e50
Commit 70cf8e50 authored Feb 01, 2019 by Yann Garcia
--- a/ccsrc/Protocols/Security/security_services.cc
+++ b/ccsrc/Protocols/Security/security_services.cc
@@ -306,6 +306,10 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
  result = -1;
  if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {
    result = verify_sign_ecdsa_nistp256(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
+  } else if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaBrainpoolP256r1Signature)) {
+    result = verify_sign_ecdsa_brainpoolp256r1(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
+  } else if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaBrainpoolP384r1Signature)) {
+    result = verify_sign_ecdsa_brainpoolp384r1(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
  } else {
    // TODO
    loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO");
@@ -908,6 +912,176 @@ int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, con
  return -1;
 }

+int security_services::sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {
+  loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_brainpoolp256r1: ", p_hash);
+  
+  std::string certificate_id = p_params[params::certificate];
+  loggers::get_instance().log("security_services::sign_ecdsa_brainpoolp256r1: encoded certificate_id = '%s'", certificate_id.c_str());
+  OCTETSTRING pkey;
+  if (_security_db->get_private_key(certificate_id, pkey) != 0) {
+    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to get private key");
+    return -1;
+  }
+  // Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  OCTETSTRING hash_cert;
+  if (_security_db->get_hash(certificate_id, hash_cert) != 0) {
+    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to get whole hash certificate");
+    return -1;
+  }
+  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: hash_issuer: ", hash_cert);
+  OCTETSTRING os = p_hash + hash_cert; // Hash (Data input) || Hash (Signer identifier input)
+  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: hash: ", os);
+  OCTETSTRING hashed_data;
+  hash_sha256(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, pkey);
+  OCTETSTRING r_sig;
+  OCTETSTRING s_sig;
+  if (k.sign(hashed_data, r_sig, s_sig) != 0) {
+    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to sign payload");
+    return -1;
+  }
+  IEEE1609dot2BaseTypes::EccP256CurvePoint ep;
+  ep.x__only() = r_sig;
+  p_signature.ecdsaBrainpoolP256r1Signature() = IEEE1609dot2BaseTypes::EcdsaP256Signature(
+                                                                                          ep,
+                                                                                          s_sig
+                                                                                          );
+  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: signature=", p_signature);
+  
+  return 0;
+}
+
+int security_services::verify_sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
+  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_brainpoolp256r1:", p_hash);
+  loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_brainpoolp256r1: %s", p_certificate_id.c_str());
+  
+  OCTETSTRING public_key_x;
+  OCTETSTRING public_key_y;
+  if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Failed to get public keys", p_certificate_id.c_str());
+    return -1;
+  }
+  
+  // Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  OCTETSTRING issuer; // Hash (Signer identifier input)
+  if (_security_db->get_hash(p_certificate_id, issuer) != 0) {
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());
+    return -1;
+  }
+  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash_issuer: ", issuer);
+  OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)
+  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash: ", hash_data);
+  OCTETSTRING hash_to_be_verified;
+  hash_sha256(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash_to_be_verified: ", hash_to_be_verified);
+
+  // Build the signature
+  OCTETSTRING signature;
+  if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_x__only)) {
+    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().x__only() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
+  } else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
+    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().compressed__y__0() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
+  } else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
+    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().compressed__y__1() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
+  } else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
+    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().uncompressedP256().x() + p_signature.ecdsaBrainpoolP256r1Signature().rSig().uncompressedP256().y() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();
+  } else {
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Invalid curve point", p_certificate_id.c_str());
+    return -1;
+  }
+  security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, public_key_x, public_key_y);
+  if (k.sign_verif(hash_to_be_verified, signature) == 0) {
+    return 0;
+  }
+  
+  return -1;
+}
+
+int security_services::sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {
+  loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_brainpoolp384r1: ", p_hash);
+  
+  std::string certificate_id = p_params[params::certificate];
+  loggers::get_instance().log("security_services::sign_ecdsa_brainpoolp384r1: encoded certificate_id = '%s'", certificate_id.c_str());
+  OCTETSTRING pkey;
+  if (_security_db->get_private_key(certificate_id, pkey) != 0) {
+    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to get private key");
+    return -1;
+  }
+  // Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  OCTETSTRING hash_cert;
+  if (_security_db->get_hash(certificate_id, hash_cert) != 0) {
+    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to get whole hash certificate");
+    return -1;
+  }
+  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: hash_issuer: ", hash_cert);
+  OCTETSTRING os = p_hash + hash_cert; // Hash (Data input) || Hash (Signer identifier input)
+  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: hash: ", os);
+  OCTETSTRING hashed_data;
+  hash_sha384(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, pkey);
+  OCTETSTRING r_sig;
+  OCTETSTRING s_sig;
+  if (k.sign(hashed_data, r_sig, s_sig) != 0) {
+    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to sign payload");
+    return -1;
+  }
+  IEEE1609dot2BaseTypes::EccP384CurvePoint ep;
+  ep.x__only() = r_sig;
+  p_signature.ecdsaBrainpoolP384r1Signature() = IEEE1609dot2BaseTypes::EcdsaP384Signature(
+                                                                                          ep,
+                                                                                          s_sig
+                                                                                          );
+  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: signature=", p_signature);
+  
+  return 0;
+}
+
+int security_services::verify_sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
+  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_brainpoolp384r1:", p_hash);
+  loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_brainpoolp384r1: %s", p_certificate_id.c_str());
+  
+  OCTETSTRING public_key_x;
+  OCTETSTRING public_key_y;
+  if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Failed to get public keys", p_certificate_id.c_str());
+    return -1;
+  }
+  
+  // Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  OCTETSTRING issuer; // Hash (Signer identifier input)
+  if (_security_db->get_hash(p_certificate_id, issuer) != 0) {
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());
+    return -1;
+  }
+  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash_issuer: ", issuer);
+  OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)
+  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash: ", hash_data);
+  OCTETSTRING hash_to_be_verified;
+  hash_sha384(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )
+  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash_to_be_verified: ", hash_to_be_verified);
+
+  // Build the signature
+  OCTETSTRING signature;
+  if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_x__only)) {
+    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().x__only() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
+  } else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) {
+    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().compressed__y__0() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
+  } else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) {
+    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().compressed__y__1() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
+  } else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) {
+    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().uncompressedP384().x() + p_signature.ecdsaBrainpoolP384r1Signature().rSig().uncompressedP384().y() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();
+  } else {
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Invalid curve point", p_certificate_id.c_str());
+    return -1;
+  }
+  security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, public_key_x, public_key_y);
+  if (k.sign_verif(hash_to_be_verified, signature) == 0) {
+    return 0;
+  }
+  
+  return -1;
+}
+
 int security_services::extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode) {
  loggers::get_instance().log("security_services::extract_verification_keys");
  
@@ -1061,7 +1235,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
        loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
        // const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
        // p_certificate_id = converter::get_instance().bytes_to_hexa(v);
-        p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
+        p_certificate_id = std::string(static_cast<const char*>(hex2str(oct2hex(hashed_id8))));
        // Add it into the cache
        OCTETSTRING public_key_x, public_key_y, public_comp_key;
        INTEGER public_comp_key_mode;
@@ -1110,7 +1284,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
        loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
        // const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
        // p_certificate_id = converter::get_instance().bytes_to_hexa(v);
-        p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
+        p_certificate_id = std::string(static_cast<const char*>(hex2str(oct2hex(hashed_id8))));
        // Add it into the cache
        OCTETSTRING public_key_x, public_key_y, public_comp_key;
        INTEGER public_comp_key_mode;

--- a/ccsrc/Protocols/Security/security_services.hh
+++ b/ccsrc/Protocols/Security/security_services.hh
@@ -154,7 +154,11 @@ private:
  int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
  int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
  int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
+  int sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
+  int sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
  int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
+  int verify_sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
+  int verify_sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);

  int extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode);
  int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_public_enc_comp_key_mode);

--- a/scripts/run_tshark.bash
+++ b/scripts/run_tshark.bash
@@ -6,4 +6,4 @@

 PCAP_SAVE_PATH=~/tmp
 rm $PCAP_SAVE_PATH/capture_*.pcap*
-~/frameworks/wireshark-build/run/tshark -ieth1 -V -f"ether proto 0x8947 or udp src port 12345 or udp dst port 12345" -Tfields -eframe.time -eeth.dst -eeth.src -eeth.type -edata -g -w $PCAP_SAVE_PATH/capture_`date +'%Y%m%d'`.pcap -F pcap
+~/frameworks/wireshark-build/run/tshark -ieth2 -V -f"ether proto 0x8947 or udp src port 12345 or udp dst port 12345" -Tfields -eframe.time -eeth.dst -eeth.src -eeth.type -edata -g -w $PCAP_SAVE_PATH/capture_`date +'%Y%m%d'`.pcap -F pcap
--- a/LibIts @ 447a5fff
+++ b/LibIts @ 447a5fff
-Subproject commit 5918986b7fd1d70ddb2b8f50055cb65c662552a0
+Subproject commit 447a5fff71873728964cd73a7b44b4a2185482df