Commit 70cf8e50 authored by Yann Garcia's avatar Yann Garcia
Browse files

Add Signature for Brainpool

parent 360e232c

ccsrc/Protocols/Security/security_services.cc

+176 −2
Original line number Original line Diff line number Diff line
@@ -306,6 +306,10 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si 
  result = -1;

  result = -1;

  if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {

  if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {

    result = verify_sign_ecdsa_nistp256(hashed_data, p_signed_data.signature__(), certificate_id, p_params);

    result = verify_sign_ecdsa_nistp256(hashed_data, p_signed_data.signature__(), certificate_id, p_params);

  } else if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaBrainpoolP256r1Signature)) {

    result = verify_sign_ecdsa_brainpoolp256r1(hashed_data, p_signed_data.signature__(), certificate_id, p_params);

  } else if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaBrainpoolP384r1Signature)) {

    result = verify_sign_ecdsa_brainpoolp384r1(hashed_data, p_signed_data.signature__(), certificate_id, p_params);

  } else {

  } else {

    // TODO

    // TODO

    loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO");

    loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO");
@@ -908,6 +912,176 @@ int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, con 
  return -1;

  return -1;

}

}





int security_services::sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {

  loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_brainpoolp256r1: ", p_hash);

  

  std::string certificate_id = p_params[params::certificate];

  loggers::get_instance().log("security_services::sign_ecdsa_brainpoolp256r1: encoded certificate_id = '%s'", certificate_id.c_str());

  OCTETSTRING pkey;

  if (_security_db->get_private_key(certificate_id, pkey) != 0) {

    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to get private key");

    return -1;

  }

  // Hash ( Hash (Data input) || Hash (Signer identifier input) )

  OCTETSTRING hash_cert;

  if (_security_db->get_hash(certificate_id, hash_cert) != 0) {

    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to get whole hash certificate");

    return -1;

  }

  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: hash_issuer: ", hash_cert);

  OCTETSTRING os = p_hash + hash_cert; // Hash (Data input) || Hash (Signer identifier input)

  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: hash: ", os);

  OCTETSTRING hashed_data;

  hash_sha256(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )

  security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, pkey);

  OCTETSTRING r_sig;

  OCTETSTRING s_sig;

  if (k.sign(hashed_data, r_sig, s_sig) != 0) {

    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp256r1: Failed to sign payload");

    return -1;

  }

  IEEE1609dot2BaseTypes::EccP256CurvePoint ep;

  ep.x__only() = r_sig;

  p_signature.ecdsaBrainpoolP256r1Signature() = IEEE1609dot2BaseTypes::EcdsaP256Signature(

                                                                                          ep,

                                                                                          s_sig

                                                                                          );

  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp256r1: signature=", p_signature);

  

  return 0;

}



int security_services::verify_sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {

  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_brainpoolp256r1:", p_hash);

  loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_brainpoolp256r1: %s", p_certificate_id.c_str());

  

  OCTETSTRING public_key_x;

  OCTETSTRING public_key_y;

  if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {

    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Failed to get public keys", p_certificate_id.c_str());

    return -1;

  }

  

  // Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )

  OCTETSTRING issuer; // Hash (Signer identifier input)

  if (_security_db->get_hash(p_certificate_id, issuer) != 0) {

    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());

    return -1;

  }

  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash_issuer: ", issuer);

  OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)

  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash: ", hash_data);

  OCTETSTRING hash_to_be_verified;

  hash_sha256(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )

  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp256r1: hash_to_be_verified: ", hash_to_be_verified);



  // Build the signature

  OCTETSTRING signature;

  if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_x__only)) {

    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().x__only() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();

  } else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {

    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().compressed__y__0() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();

  } else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {

    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().compressed__y__1() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();

  } else if (p_signature.ecdsaBrainpoolP256r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {

    signature = p_signature.ecdsaBrainpoolP256r1Signature().rSig().uncompressedP256().x() + p_signature.ecdsaBrainpoolP256r1Signature().rSig().uncompressedP256().y() + p_signature.ecdsaBrainpoolP256r1Signature().sSig();

  } else {

    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp256r1 (%s): Invalid curve point", p_certificate_id.c_str());

    return -1;

  }

  security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, public_key_x, public_key_y);

  if (k.sign_verif(hash_to_be_verified, signature) == 0) {

    return 0;

  }

  

  return -1;

}



int security_services::sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params) {

  loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_brainpoolp384r1: ", p_hash);

  

  std::string certificate_id = p_params[params::certificate];

  loggers::get_instance().log("security_services::sign_ecdsa_brainpoolp384r1: encoded certificate_id = '%s'", certificate_id.c_str());

  OCTETSTRING pkey;

  if (_security_db->get_private_key(certificate_id, pkey) != 0) {

    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to get private key");

    return -1;

  }

  // Hash ( Hash (Data input) || Hash (Signer identifier input) )

  OCTETSTRING hash_cert;

  if (_security_db->get_hash(certificate_id, hash_cert) != 0) {

    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to get whole hash certificate");

    return -1;

  }

  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: hash_issuer: ", hash_cert);

  OCTETSTRING os = p_hash + hash_cert; // Hash (Data input) || Hash (Signer identifier input)

  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: hash: ", os);

  OCTETSTRING hashed_data;

  hash_sha384(os, hashed_data); // Hash ( Hash (Data input) || Hash (Signer identifier input) )

  security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, pkey);

  OCTETSTRING r_sig;

  OCTETSTRING s_sig;

  if (k.sign(hashed_data, r_sig, s_sig) != 0) {

    loggers::get_instance().warning("security_services::sign_ecdsa_brainpoolp384r1: Failed to sign payload");

    return -1;

  }

  IEEE1609dot2BaseTypes::EccP384CurvePoint ep;

  ep.x__only() = r_sig;

  p_signature.ecdsaBrainpoolP384r1Signature() = IEEE1609dot2BaseTypes::EcdsaP384Signature(

                                                                                          ep,

                                                                                          s_sig

                                                                                          );

  loggers::get_instance().log_msg("security_services::sign_ecdsa_brainpoolp384r1: signature=", p_signature);

  

  return 0;

}



int security_services::verify_sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {

  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_brainpoolp384r1:", p_hash);

  loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_brainpoolp384r1: %s", p_certificate_id.c_str());

  

  OCTETSTRING public_key_x;

  OCTETSTRING public_key_y;

  if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {

    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Failed to get public keys", p_certificate_id.c_str());

    return -1;

  }

  

  // Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )

  OCTETSTRING issuer; // Hash (Signer identifier input)

  if (_security_db->get_hash(p_certificate_id, issuer) != 0) {

    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());

    return -1;

  }

  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash_issuer: ", issuer);

  OCTETSTRING hash_data = p_hash + issuer; // Hash (Data input) || Hash (Signer identifier input)

  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash: ", hash_data);

  OCTETSTRING hash_to_be_verified;

  hash_sha384(hash_data, hash_to_be_verified); // Hash ( Hash (Data input) || Hash (Signer identifier input) )

  loggers::get_instance().log_msg("security_services::verify_sign_ecdsa_brainpoolp384r1: hash_to_be_verified: ", hash_to_be_verified);



  // Build the signature

  OCTETSTRING signature;

  if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_x__only)) {

    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().x__only() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();

  } else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) {

    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().compressed__y__0() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();

  } else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) {

    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().compressed__y__1() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();

  } else if (p_signature.ecdsaBrainpoolP384r1Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) {

    signature = p_signature.ecdsaBrainpoolP384r1Signature().rSig().uncompressedP384().x() + p_signature.ecdsaBrainpoolP384r1Signature().rSig().uncompressedP384().y() + p_signature.ecdsaBrainpoolP384r1Signature().sSig();

  } else {

    loggers::get_instance().warning("security_services::verify_sign_ecdsa_brainpoolp384r1 (%s): Invalid curve point", p_certificate_id.c_str());

    return -1;

  }

  security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, public_key_x, public_key_y);

  if (k.sign_verif(hash_to_be_verified, signature) == 0) {

    return 0;

  }

  

  return -1;

}



int security_services::extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode) {

int security_services::extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode) {

  loggers::get_instance().log("security_services::extract_verification_keys");

  loggers::get_instance().log("security_services::extract_verification_keys");
@@ -1061,7 +1235,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa 
        loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);

        loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);

        // const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());

        // const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());

        // p_certificate_id = converter::get_instance().bytes_to_hexa(v);

        // p_certificate_id = converter::get_instance().bytes_to_hexa(v);

        p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));

        p_certificate_id = std::string(static_cast<const char*>(hex2str(oct2hex(hashed_id8))));

        // Add it into the cache

        // Add it into the cache

        OCTETSTRING public_key_x, public_key_y, public_comp_key;

        OCTETSTRING public_key_x, public_key_y, public_comp_key;

        INTEGER public_comp_key_mode;

        INTEGER public_comp_key_mode;
@@ -1110,7 +1284,7 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa 
        loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);

        loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);

        // const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());

        // const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());

        // p_certificate_id = converter::get_instance().bytes_to_hexa(v);

        // p_certificate_id = converter::get_instance().bytes_to_hexa(v);

        p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));

        p_certificate_id = std::string(static_cast<const char*>(hex2str(oct2hex(hashed_id8))));

        // Add it into the cache

        // Add it into the cache

        OCTETSTRING public_key_x, public_key_y, public_comp_key;

        OCTETSTRING public_key_x, public_key_y, public_comp_key;

        INTEGER public_comp_key_mode;

        INTEGER public_comp_key_mode;

ccsrc/Protocols/Security/security_services.hh

+4 −0
Original line number Original line Diff line number Diff line
@@ -154,7 +154,11 @@ private: 
  int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);

  int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);

  int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);

  int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);

  int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);

  int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);

  int sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);

  int sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);

  int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);

  int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);

  int verify_sign_ecdsa_brainpoolp256r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);

  int verify_sign_ecdsa_brainpoolp384r1(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);





  int extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode);

  int extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode);

  int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_public_enc_comp_key_mode);

  int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_public_enc_comp_key_mode);

scripts/run_tshark.bash

+1 −1
Original line number Original line Diff line number Diff line
@@ -6,4 +6,4 @@ 




PCAP_SAVE_PATH=~/tmp

PCAP_SAVE_PATH=~/tmp

rm $PCAP_SAVE_PATH/capture_*.pcap*

rm $PCAP_SAVE_PATH/capture_*.pcap*

~/frameworks/wireshark-build/run/tshark -ieth1 -V -f"ether proto 0x8947 or udp src port 12345 or udp dst port 12345" -Tfields -eframe.time -eeth.dst -eeth.src -eeth.type -edata -g -w $PCAP_SAVE_PATH/capture_`date +'%Y%m%d'`.pcap -F pcap
 
~/frameworks/wireshark-build/run/tshark -ieth2 -V -f"ether proto 0x8947 or udp src port 12345 or udp dst port 12345" -Tfields -eframe.time -eeth.dst -eeth.src -eeth.type -edata -g -w $PCAP_SAVE_PATH/capture_`date +'%Y%m%d'`.pcap -F pcap

LibIts @ 447a5fff

Compare 5918986b to 447a5fff
Original line number Original line Diff line number Diff line 
Subproject commit 5918986b7fd1d70ddb2b8f50055cb65c662552a0
 
Subproject commit 447a5fff71873728964cd73a7b44b4a2185482df