Commit a1ea3b88 authored by garciay's avatar garciay

STF545: Validate full support of ECIES encryption

parent 019f1b7f
+259 −134

File changed.

Preview size limit exceeded, changes collapsed.

+34 −66
@@ -195,7 +195,6 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
  unsigned int nonce_length;
  unsigned int sym_key_length;
  unsigned int tag_length;
  unsigned int k_length;
  switch (_encryption_algotithm) {
  case encryption_algotithm::aes_128_ccm:
    // No break;
@@ -203,8 +202,21 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
    nonce_length = 12;
    sym_key_length = 16;
    tag_length = 16;
    break;
  default:
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Unsupported encryption algorithm");
    return -1;
  } // End of 'switch' statement
  unsigned int k_length;
  switch (_elliptic_curve) {
  case ec_elliptic_curves::nist_p_256: // Use the ANSI X9.62 Prime 256v1 curve 
    // No break;
  case ec_elliptic_curves::brainpool_p_256_r1:
    k_length = 32;
    break;
  case ec_elliptic_curves::brainpool_p_384_r1:
    k_length = 48;
    break;
  default:
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Unsupported encryption algorithm");
    return -1;
@@ -278,7 +290,6 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
  unsigned int nonce_length;
  unsigned int sym_key_length;
  unsigned int tag_length;
  unsigned int k_length;
  switch (_encryption_algotithm) {
  case encryption_algotithm::aes_128_ccm:
    // No break;
@@ -286,8 +297,21 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
    nonce_length = 12;
    sym_key_length = 16;
    tag_length = 16;
    break;
  default:
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Unsupported encryption algorithm");
    return -1;
  } // End of 'switch' statement
  unsigned int k_length;
  switch (_elliptic_curve) {
  case ec_elliptic_curves::nist_p_256: // Use the ANSI X9.62 Prime 256v1 curve 
    // No break;
  case ec_elliptic_curves::brainpool_p_256_r1:
    k_length = 32;
    break;
  case ec_elliptic_curves::brainpool_p_384_r1:
    k_length = 48;
    break;
  default:
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Unsupported encryption algorithm");
    return -1;
@@ -327,16 +351,17 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
  std::copy(digest.begin() + nonce.size() + sym_key.size(), digest.begin() + nonce.size() + sym_key.size() + tag.size(), tag.begin()); // TODO Useless???
  loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key: tag: ", tag.data(), tag.size());

  if (_nonce != nonce) {
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Failed to derive nonce vector");
    return -1;
  }
  
  // Extract the HMAC key
  std::vector<unsigned char> hmac_secret(k_length + k_length, 0x00);
  std::copy(digest.data() + nonce_length + sym_key_length + tag_length, digest.data() + nonce_length + sym_key_length + tag_length + 2 * k_length, hmac_secret.begin());
  loggers::get_instance().log_to_hexa("security_ecc::generate_and_derive_ephemeral_key: hmac_secret: ", hmac_secret.data(), hmac_secret.size());

  // Check if nonce vectors are valid
  if (_nonce != nonce) {
    loggers::get_instance().warning("security_ecc::generate_and_derive_ephemeral_key: Failed to derive nonce vector");
    return -1;
  }
  
  // Decrypt the symmetric key
  std::vector<unsigned char> skey;
  if (decrypt(p_enc_algorithm, sym_key, nonce, p_authentication_vector, p_enc_sym_key, skey) == -1) {
@@ -616,10 +641,10 @@ const int security_ecc::init() {
    result = ::OBJ_txt2nid("brainpoolP384r1");
    break;
  default:
    loggers::get_instance().error("security_ecc::security_ecc: Unsupported EC elliptic_curve");
    loggers::get_instance().error("security_ecc::init: Unsupported EC elliptic_curve");
  } // End of 'switch' statement
  if (result < 0) {
    loggers::get_instance().warning("security_ecc::security_ecc: Unaible to set EC elliptic_curve");
    loggers::get_instance().warning("security_ecc::init: Unaible to set EC elliptic_curve");
    return -1;
  }

@@ -671,60 +696,3 @@ int security_ecc::public_key_to_bin(std::vector<unsigned char>& p_bin_key) { //

  return 0;
}

/*int security_ecc::multiply_point_with_bn(const EC_POINT& a, const BIGNUM& b, EC_POINT** P) {
  loggers::get_instance().log(">>> security_ecc::multiply_point_with_bn");

  EC_POINT *O = EC_POINT_new(_ec_group);
  if (*P == NULL) *P = EC_POINT_new(_ec_group);

  for(int i = BN_num_bits(&b); i >= 0; i--) {
    EC_POINT_dbl(_ec_group, *P, *P, _bn_ctx);
    if (BN_is_bit_set(&b, i))
      EC_POINT_add(_ec_group, *P, *P, &a, _bn_ctx);
    else
      EC_POINT_add(_ec_group, *P, *P, O, _bn_ctx);
  }

  EC_POINT_free(O);

  return 0;
}

int security_ecc::derive_s_from_private_key(BIGNUM* S, BIGNUM* R) {
	loggers::get_instance().log(">>> security_ecc::derive_s_from_private_key");

	const EC_POINT *Kb = EC_KEY_get0_public_key(_ec_key);
	BIGNUM *n = BN_new();
	BIGNUM *r = BN_new();
	EC_POINT *P = NULL;
	EC_POINT *Rp = EC_POINT_new(_ec_group);
	BIGNUM *Py = BN_new();
	const EC_POINT *G = EC_GROUP_get0_generator(_ec_group);
	int bits,ret=-1;
	EC_GROUP_get_order(_ec_group, n, _bn_ctx);
	bits = BN_num_bits(n);
	BN_rand(r, bits, -1, 0);
	// calculate R = rG 
	Rp = multiply_point_with_bn(Rp, G, r);
	// calculate S = Px, P = (Px,Py) = Kb R
	P = multiply_point_with_bn(P, Kb, r);
	if (!EC_POINT_is_at_infinity(_ec_group, P)) {
		EC_POINT_get_affine_coordinates_GFp(_ec_group, P, S, Py, _bn_ctx); // TODO Add 'switch'
		EC_POINT_point2bn(_ec_group, Rp, POINT_CONVERSION_COMPRESSED, R, _bn_ctx);
		ret = 0;
	}
	BN_free(r);
	BN_free(n);
	BN_free(Py);
	EC_POINT_free(P);
	EC_POINT_free(Rp);

	return ret;
}

int security_ecc::derive_s_from_public_key(BIGNUM* S, BIGNUM* R) {
	loggers::get_instance().log(">>> security_ecc::derive_s_from_public_key");

  return 0;
}*/
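Review bot: In the hunk at `-327,16 +351,17`, the HMAC-key copy reads `nonce_length + sym_key_length + tag_length + 2 * k_length` bytes from `digest`, which is 140 bytes now that `k_length` is 48 for `brainpool_p_384_r1` (with the lengths shown), yet no visible line compares this with `digest.size()`. Unless the derivation outside the hunk already sizes the digest from the same lengths, add a guard before the copy such as `if (digest.size() < nonce_length + sym_key_length + tag_length + 2 * k_length) return -1;`. The nonce comparison also appears to have moved below the extraction, so on a mismatch `hmac_secret` has already been written to the log by `log_to_hexa`; keeping the check ahead of the extraction, and keeping key material out of normal logs, would avoid that. In both new `switch (_elliptic_curve)` blocks the `default` branch still reports `Unsupported encryption algorithm`, which should name the curve instead. The function bodies start and end outside these hunks.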