diff --git a/tools/itssecurity/lib_its_security/lib_its_security.c b/tools/itssecurity/lib_its_security/lib_its_security.c index 6fa218b571dac64b86360ebf3eb0ba467de16d24..696d932d0b50ad382d9c443f7843df1d83ab75c9 100644 --- a/tools/itssecurity/lib_its_security/lib_its_security.c +++ b/tools/itssecurity/lib_its_security/lib_its_security.c @@ -6,8 +6,7 @@ * No part may be reproduced except as authorized by written permission. * The copyright and the foregoing restriction extend to reproduction in all media. * All rights reserved. - * \version 0.1 - * \remark gcc -Wall -Werror -O0 -ggdb -fstack-check -fstack-protector -fsanitize=leak -fsanitize=address -I. -D__MAIN__ ./lib_its_security.c -L/usr/lib -lssl -lcrypto -lm + * \version 1.0 */ #include "lib_its_security.h" @@ -400,65 +399,6 @@ int32_t generate_and_derive_ephemeral_key_for_encryption( return 0; } -int32_t encrypt( - lib_its_security_context_t* lib_its_security_context, - const uint8_t* p_plain_text_message, - const size_t p_plain_text_message_length, - uint8_t** p_cipher_message, - size_t *p_cipher_message_length - ) { - /* Sanity checks */ - - /* Initialize the context and encryption operation */ - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - /* Allocate buffers size */ - switch (lib_its_security_context->encryption_algorithm) { - case aes_128_ccm: - EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL); - if (lib_its_security_context->tag != NULL) { - free(lib_its_security_context->tag); - } - lib_its_security_context->tag_length = 16; - lib_its_security_context->tag = (uint8_t*)malloc(lib_its_security_context->tag_length); - *p_cipher_message = (uint8_t*)malloc(p_plain_text_message_length); - break; - case aes_256_ccm: - EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL); - break; - case aes_128_gcm: - EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL); - if (lib_its_security_context->tag != NULL) { - free(lib_its_security_context->tag); - } - lib_its_security_context->tag_length = 16; - lib_its_security_context->tag = (uint8_t*)malloc(lib_its_security_context->tag_length); - *p_cipher_message = (uint8_t*)malloc(p_plain_text_message_length); - break; - case aes_256_gcm: - EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); - break; - } /* End of 'switch' statement */ - *p_cipher_message_length = p_plain_text_message_length; - /* Set nonce length */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, lib_its_security_context->nonce_length, NULL); - /* Set tag length */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, lib_its_security_context->tag_length, NULL); - /* Prime the key and nonce */ - EVP_EncryptInit_ex(ctx, NULL, NULL, lib_its_security_context->sym_key, lib_its_security_context->nonce); - // No authentication data - // Encrypt the data - int len = 0; - EVP_EncryptUpdate(ctx, *p_cipher_message, &len, p_plain_text_message, p_plain_text_message_length); - // Finalize the encryption session - EVP_EncryptFinal_ex(ctx, (*p_cipher_message) + len, &len); - /* Get the authentication tag */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, lib_its_security_context->tag_length, lib_its_security_context->tag); - - EVP_CIPHER_CTX_free(ctx); - - return 0; -} - int32_t generate_and_derive_ephemeral_key_for_decryption( lib_its_security_context_t* p_lib_its_security_context, const encryption_algorithm_t p_enc_algorithm, @@ -563,51 +503,6 @@ int32_t generate_and_derive_ephemeral_key_for_decryption( return 0; } -int32_t decrypt( - lib_its_security_context_t* p_lib_its_security_context, - const uint8_t* p_cipher_message, - const size_t p_cipher_message_length, - uint8_t**p_plain_text_message, - size_t* p_plain_text_message_length - ) { - /* Sanity checks */ - - /* Initialize the context and decryption operation */ - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - switch (p_lib_its_security_context->encryption_algorithm) { - case aes_128_ccm: - EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL); - break; - case aes_256_ccm: - EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL); - break; - case aes_128_gcm: - EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL); - break; - case aes_256_gcm: - EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); - break; - } // End of 'switch' statement - /* Set nonce length */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, p_lib_its_security_context->nonce_length, NULL); - /* Set expected tag value */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, p_lib_its_security_context->tag_length, p_lib_its_security_context->tag); - /* Specify key and IV */ - EVP_DecryptInit_ex(ctx, NULL, NULL, p_lib_its_security_context->sym_key, p_lib_its_security_context->nonce); - /* Decrypt plaintext, verify tag: can only be called once */ - *p_plain_text_message = (uint8_t*)malloc(p_cipher_message_length); - *p_plain_text_message_length = p_cipher_message_length; - int len = 0; - int result = EVP_DecryptUpdate(ctx, *p_plain_text_message, &len, p_cipher_message, p_cipher_message_length); - EVP_CIPHER_CTX_free(ctx); - if (result != 1) { - free(*p_plain_text_message); - *p_plain_text_message = NULL; - } - - return (result > 0) ? 0 : -1; -} - /** * Public functions */ @@ -947,7 +842,8 @@ int32_t prepare_data_to_be_verify( const lib_its_security_context_t* p_lib_its_security_context, const uint8_t* p_data, const size_t p_data_length, - const uint8_t* p_certificate_issuer, uint8_t** p_hashed_data + const uint8_t* p_certificate_issuer, + uint8_t** p_hashed_data ) { // Calculate the SHA of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) ) uint8_t* hashed_data1; // Hash (Data input) @@ -961,28 +857,28 @@ int32_t prepare_data_to_be_verify( return -1; } uint8_t* hashed_data2; // Hash (Signer identifier input) - bool found = true; + // Check if issuer is '00...00'O vector + bool foundNonZero = false; for (int i = 0; i < 32; i++) { if (*(p_certificate_issuer + i) != 0x00) { - found = false; + foundNonZero = true; break; } } - if (p_lib_its_security_context->elliptic_curve == brainpool_p_384_r1) { - if (!found) { - result = hash_with_sha384(p_certificate_issuer, p_lib_its_security_context->key_length, &hashed_data2); // Hash of empty string - } else { - result = hash_with_sha384(NULL, 0, &hashed_data2); // Hash of empty string - } - } else { - if (!found) { - result = hash_with_sha256(p_certificate_issuer, p_lib_its_security_context->key_length, &hashed_data2); // Hash of empty string + if (foundNonZero) { + hashed_data2 = (uint8_t*)malloc(p_lib_its_security_context->key_length); + memcpy((void*)hashed_data2, (const void*)p_certificate_issuer, p_lib_its_security_context->key_length); + result = 0; + } else { // Use hash of empty string + if (p_lib_its_security_context->elliptic_curve == brainpool_p_384_r1) { + result = hash_with_sha384(NULL, 0, &hashed_data2); } else { result = hash_with_sha256(NULL, 0, &hashed_data2); // Hash of empty string } } if (result == -1) { free(hashed_data1); + free(hashed_data2); return -1; } uint8_t* hash_data_buffer = (uint8_t*)malloc(2 * p_lib_its_security_context->key_length); // Hash (Data input) || Hash (Signer identifier input) @@ -1274,13 +1170,14 @@ int32_t encrypt_with_ecies_nistp256_with_sha256( *p_public_ephemeral_key_compressed = (uint8_t*)malloc(lib_its_security_context->key_length); memcpy((void*)*p_public_ephemeral_key_compressed, (const void*)lib_its_security_context->public_key_c, lib_its_security_context->key_length); *p_ephemeral_compressed_mode = (ecc_compressed_mode_t)(lib_its_security_context->compressed_mode == compressed_y_0) ? 0 : 1; + show_hex((const int8_t*)"p_public_ephemeral_key_compressed", *p_public_ephemeral_key_compressed, lib_its_security_context->key_length); /* 3. Retrieve AES 128 parameters */ *p_nonce = (uint8_t*)malloc(lib_its_security_context->nonce_length); memcpy((void*)*p_nonce, (const void*)lib_its_security_context->nonce, lib_its_security_context->nonce_length); /* 4. Encrypt the data using AES-128 CCM */ lib_its_security_context->encryption_algorithm = aes_128_ccm; - result = encrypt(lib_its_security_context, p_to_be_encrypted_secured_message, p_to_be_encrypted_secured_message_length, p_encrypted_secured_message, p_encrypted_secured_message_length); + result = encrypt_(lib_its_security_context, p_to_be_encrypted_secured_message, p_to_be_encrypted_secured_message_length, p_encrypted_secured_message, p_encrypted_secured_message_length); if (result == -1) { // FXIME free all allocated resources free(*p_aes_sym_key); *p_aes_sym_key = NULL; @@ -1429,7 +1326,7 @@ int32_t encrypt_with_ecies_brainpoolp256r1_with_sha256( memcpy((void*)*p_nonce, (const void*)lib_its_security_context->nonce, lib_its_security_context->nonce_length); /* 4. Encrypt the data using AES-128 CCM */ lib_its_security_context->encryption_algorithm = aes_128_ccm; - result = encrypt(lib_its_security_context, p_to_be_encrypted_secured_message, p_to_be_encrypted_secured_message_length, p_encrypted_secured_message, p_encrypted_secured_message_length); + result = encrypt_(lib_its_security_context, p_to_be_encrypted_secured_message, p_to_be_encrypted_secured_message_length, p_encrypted_secured_message, p_encrypted_secured_message_length); if (result == -1) { // FXIME free all allocated resources free(*p_aes_sym_key); *p_aes_sym_key = NULL; @@ -1518,6 +1415,115 @@ int32_t decrypt_with_ecies_brainpoolp256r1_with_sha256( return result; } +int32_t encrypt_( + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_plain_text_message, + const size_t p_plain_text_message_length, + uint8_t** p_cipher_message, + size_t* p_cipher_message_length + ) { + /* Sanity checks */ + if ((p_lib_its_security_context == NULL) || (p_lib_its_security_context->sym_key == NULL) || (p_lib_its_security_context->nonce == NULL) || (p_plain_text_message == NULL) || (p_cipher_message == NULL)) { + return -1; + } + /* Initialize the context and encryption operation */ + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + /* Allocate buffers size */ + switch (p_lib_its_security_context->encryption_algorithm) { + case aes_128_ccm: + EVP_EncryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL); + if (p_lib_its_security_context->tag != NULL) { + free(p_lib_its_security_context->tag); + } + p_lib_its_security_context->tag_length = 16; + p_lib_its_security_context->tag = (uint8_t*)malloc(p_lib_its_security_context->tag_length); + *p_cipher_message = (uint8_t*)malloc(p_plain_text_message_length); + break; + case aes_256_ccm: + EVP_EncryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL); + break; + case aes_128_gcm: + EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL); + if (p_lib_its_security_context->tag != NULL) { + free(p_lib_its_security_context->tag); + } + p_lib_its_security_context->tag_length = 16; + p_lib_its_security_context->tag = (uint8_t*)malloc(p_lib_its_security_context->tag_length); + *p_cipher_message = (uint8_t*)malloc(p_plain_text_message_length); + break; + case aes_256_gcm: + EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); + break; + } /* End of 'switch' statement */ + *p_cipher_message_length = p_plain_text_message_length; + /* Set nonce length */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, p_lib_its_security_context->nonce_length, NULL); + /* Set tag length */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, p_lib_its_security_context->tag_length, NULL); + /* Prime the key and nonce */ + EVP_EncryptInit_ex(ctx, NULL, NULL, p_lib_its_security_context->sym_key, p_lib_its_security_context->nonce); + // No authentication data + // Encrypt the data + int len = 0; + EVP_EncryptUpdate(ctx, *p_cipher_message, &len, p_plain_text_message, p_plain_text_message_length); + // Finalize the encryption session + EVP_EncryptFinal_ex(ctx, (*p_cipher_message) + len, &len); + /* Get the authentication tag */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, p_lib_its_security_context->tag_length, p_lib_its_security_context->tag); + + EVP_CIPHER_CTX_free(ctx); + + return 0; +} + +int32_t decrypt( + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_cipher_message, + const size_t p_cipher_message_length, + uint8_t** p_plain_text_message, + size_t* p_plain_text_message_length + ) { + /* Sanity checks */ + if ((p_lib_its_security_context == NULL) || (p_lib_its_security_context->sym_key == NULL) || (p_lib_its_security_context->nonce == NULL) || (p_cipher_message == NULL) || (p_plain_text_message == NULL)) { + return -1; + } + + /* Initialize the context and decryption operation */ + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + switch (p_lib_its_security_context->encryption_algorithm) { + case aes_128_ccm: + EVP_DecryptInit_ex(ctx, EVP_aes_128_ccm(), NULL, NULL, NULL); + break; + case aes_256_ccm: + EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL); + break; + case aes_128_gcm: + EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL); + break; + case aes_256_gcm: + EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); + break; + } // End of 'switch' statement + /* Set nonce length */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, p_lib_its_security_context->nonce_length, NULL); + /* Set expected tag value */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, p_lib_its_security_context->tag_length, p_lib_its_security_context->tag); + /* Specify key and IV */ + EVP_DecryptInit_ex(ctx, NULL, NULL, p_lib_its_security_context->sym_key, p_lib_its_security_context->nonce); + /* Decrypt plaintext, verify tag: can only be called once */ + *p_plain_text_message = (uint8_t*)malloc(p_cipher_message_length); + *p_plain_text_message_length = p_cipher_message_length; + int len = 0; + int result = EVP_DecryptUpdate(ctx, *p_plain_text_message, &len, p_cipher_message, p_cipher_message_length); + EVP_CIPHER_CTX_free(ctx); + if (result != 1) { + free(*p_plain_text_message); + *p_plain_text_message = NULL; + } + + return (result > 0) ? 0 : -1; +} + int32_t generate_key_pair(lib_its_security_context_t* p_lib_its_security_context, uint8_t** p_private_key, uint8_t** p_public_key_x, uint8_t** p_public_key_y, uint8_t** p_public_key_compressed, ecc_compressed_mode_t* p_compressed_mode) { /* Sanity checks */ if ((p_lib_its_security_context == NULL) || (p_private_key == NULL) || (p_public_key_x == NULL) || (p_public_key_y == NULL) || (p_public_key_compressed == NULL) || (p_compressed_mode == NULL)) { @@ -1581,652 +1587,3 @@ int32_t generate_key_pair(lib_its_security_context_t* p_lib_its_security_context return 0; } - -#if defined(__MAIN__) - -static const uint8_t* test_string = (const uint8_t*)"cafedeca"; - -static lib_its_security_context_t* lib_its_security_context = NULL; -static lib_its_security_context_t* lib_its_security_context_comp = NULL; - -int main(int argc, char** argv) { - int32_t result; - - printf("###########################################################################\n"); - /* Test initialize */ - assert(lib_its_security_context == NULL); - assert(initialize(nist_p_256, NULL) == -1); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - } - assert(lib_its_security_context != NULL); - assert(lib_its_security_context->elliptic_curve == nist_p_256); - assert(lib_its_security_context->ec_key != NULL); - - /* Test hash_with_sha256 */ - { - uint8_t* hashed_data = NULL; - uint8_t* data_to_be_hashed = NULL; - result = hash_with_sha256(data_to_be_hashed, 10, &hashed_data); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha256 failed: %d/'%s'\n", result, strerror(errno)); - } else { - assert(hashed_data != NULL); - assert(hashed_data[0] == 0xe3); - assert(hashed_data[31] == 0x55); - } - free(hashed_data); hashed_data = NULL; - size_t l; - data_to_be_hashed = hex_to_bin((const int8_t*)test_string, &l); - result = hash_with_sha256(data_to_be_hashed, 0, &hashed_data); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha256 failed: %d/'%s'\n", result, strerror(errno)); - } else { - assert(hashed_data != NULL); - assert(hashed_data[0] == 0xe3); - assert(hashed_data[31] == 0x55); - } - free(hashed_data); hashed_data = NULL; - result = hash_with_sha256(data_to_be_hashed, l, &hashed_data); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha256 failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"sha256", hashed_data, 32); - assert(hashed_data != NULL); - assert(hashed_data[0] == 0x84); - assert(hashed_data[31] == 0xfb); - } - free(data_to_be_hashed); - free(hashed_data); - } - - /* Test hash_with_sha384 */ - { - uint8_t* hashed_data = NULL; - uint8_t* data_to_be_hashed = NULL; - result = hash_with_sha384(data_to_be_hashed, 10, &hashed_data); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha384 failed: %d/'%s'\n", result, strerror(errno)); - } else { - assert(hashed_data != NULL); - assert(hashed_data[0] == 0x38); - assert(hashed_data[47] == 0x5b); - } - free(hashed_data); hashed_data = NULL; - size_t l; - data_to_be_hashed = hex_to_bin((const int8_t*)test_string, &l); - result = hash_with_sha384(data_to_be_hashed, 0, &hashed_data); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha384 failed: %d/'%s'\n", result, strerror(errno)); - } else { - assert(hashed_data != NULL); - assert(hashed_data[0] == 0x38); - assert(hashed_data[47] == 0x5b); - } - free(hashed_data); hashed_data = NULL; - result = hash_with_sha384(data_to_be_hashed, l, &hashed_data); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha384 failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"sha384", hashed_data, 48); - assert(hashed_data != NULL); - assert(hashed_data[0] == 0x64); - assert(hashed_data[47] == 0x12); - } - free(data_to_be_hashed); - free(hashed_data); - } - - /* Test hmac_sha256 */ - { - uint8_t* hmac = NULL; - size_t secret_length; - uint8_t* secret = hex_to_bin((const int8_t*)"4a656665", &secret_length); - size_t message_length; - uint8_t* message = hex_to_bin((const int8_t*)"7768617420646f2079612077616e7420666f72206e6f7468696e673f", &message_length); - assert(hmac_sha256(secret, secret_length, message, message_length, NULL) == -1); - assert(hmac_sha256(NULL, secret_length, message, message_length, &hmac) == -1); - assert(hmac_sha256(secret, secret_length, NULL, message_length, &hmac) == -1); - assert(hmac_sha256(secret, 0, message, message_length, &hmac) == -1); - assert(hmac_sha256(secret, secret_length, message, 0, &hmac) == -1); - result = hmac_sha256(secret, secret_length, message, message_length, &hmac); - if (result == -1) { - fprintf(stderr, "main: hash_with_sha384 failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"hmac-sha256", hmac, 16); - assert(hmac[0] == 0x5b); - assert(hmac[15] == 0xc7); - free(hmac); - } - free(secret); - free(message); - } - - /* Test generate_key_pair */ - { - uint8_t* private_key; - uint8_t* public_key_x; - uint8_t* public_key_y; - uint8_t* public_key_compressed; - ecc_compressed_mode_t public_key_compressed_mode; - assert(generate_key_pair(NULL, &private_key, &public_key_x, &public_key_y, &public_key_compressed, &public_key_compressed_mode) == -1); - assert(generate_key_pair(lib_its_security_context, NULL, &public_key_x, &public_key_y, &public_key_compressed, &public_key_compressed_mode) == -1); - assert(generate_key_pair(lib_its_security_context, &private_key, NULL, &public_key_y, &public_key_compressed, &public_key_compressed_mode) == -1); - assert(generate_key_pair(lib_its_security_context, &private_key, &public_key_x, NULL, &public_key_compressed, &public_key_compressed_mode) == -1); - assert(generate_key_pair(lib_its_security_context, &private_key, &public_key_x, &public_key_y, NULL, &public_key_compressed_mode) == -1); - assert(generate_key_pair(lib_its_security_context, &private_key, &public_key_x, &public_key_y, &public_key_compressed, NULL) == -1); - result = generate_key_pair(lib_its_security_context, &private_key, &public_key_x, &public_key_y, &public_key_compressed, &public_key_compressed_mode); - if (result == -1) { - fprintf(stderr, "main: generate_key_pair failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"private_key", private_key, 32); - free(private_key); - show_hex((const int8_t*)"public_key_x", public_key_x, 32); - free(public_key_x); - show_hex((const int8_t*)"public_key_y", public_key_y, 32); - free(public_key_y); - show_hex((const int8_t*)"public_key_compressed", public_key_compressed, 32); - free(public_key_compressed); - printf("p_public_key_compressed_mode: %02x\n", public_key_compressed_mode); - } - } - - /* Test uninitialize */ - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - - printf("###########################################################################\n"); - /* Test basic signature */ - { - assert(lib_its_security_context == NULL); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - uint8_t* private_key; - uint8_t* public_key_x; - uint8_t* public_key_y; - uint8_t* public_key_compressed; - ecc_compressed_mode_t public_key_compressed_mode; - result = generate_key_pair(lib_its_security_context, &private_key, &public_key_x, &public_key_y, &public_key_compressed, &public_key_compressed_mode); - if (result == -1) { - fprintf(stderr, "main: generate_key_pair failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"private_key", private_key, 32); - show_hex((const int8_t*)"public_key_x", public_key_x, 32); - show_hex((const int8_t*)"public_key_y", public_key_y, 32); - show_hex((const int8_t*)"public_key_compressed", public_key_compressed, 32); - printf("p_public_key_compressed_mode: %02x\n", public_key_compressed_mode); - - uint8_t* sig_r; - uint8_t* sig_s; - size_t sig_length; - result = sign(lib_its_security_context, public_key_y, 32, &sig_r, &sig_s, &sig_length); - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } else { - show_hex((const int8_t*)"sig_r", sig_r, 32); - show_hex((const int8_t*)"sig_s", sig_s, 32); - printf("signature length=%ld\n", sig_length); - result = sign_verify(lib_its_security_context, public_key_y, 32, sig_r, sig_s, sig_length); - if (result == 0) { - printf("Signature was verified\n"); - } else { - printf("Signature was NOT verified\n"); - } - *(public_key_y + 1) = 0xaa; *(public_key_y + 2) = 0xaa; - result = sign_verify(lib_its_security_context, public_key_y, 32, sig_r, sig_s, sig_length); - if (result == -1) { - printf("Signature was not verified successfully\n"); - } else { - printf("Signature SHALL NOT be verified\n"); - } - free(sig_r); - free(sig_s); - } - free(private_key); - free(public_key_x); - free(public_key_y); - free(public_key_compressed); - } - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test signature NistP-256 */ - printf("###########################################################################\n"); - { - assert(lib_its_security_context == NULL); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - uint8_t* private_key; - uint8_t* public_key_x; - uint8_t* public_key_y; - uint8_t* public_key_compressed; - ecc_compressed_mode_t public_key_compressed_mode; - result = generate_key_pair(lib_its_security_context, &private_key, &public_key_x, &public_key_y, &public_key_compressed, &public_key_compressed_mode); - if (result == -1) { - fprintf(stderr, "main: generate_key_pair failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"private_key ", private_key, 32); - show_hex((const int8_t*)"public_key_x", public_key_x, 32); - show_hex((const int8_t*)"public_key_y", public_key_y, 32); - show_hex((const int8_t*)"public_key_compressed", public_key_compressed, 32); - printf("p_public_key_compressed_mode: %02x\n", public_key_compressed_mode); - - uint8_t issuer[32] = { 0x00 }; - uint8_t* sig; - result = sign_with_ecdsa_nistp256_with_sha256(lib_its_security_context, public_key_y, 32, issuer, private_key, &sig); - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } else { - show_hex((const int8_t*)"sig", sig, 64); - result = verify_with_ecdsa_nistp256_with_sha256(lib_its_security_context, public_key_y, 32, issuer, sig, public_key_compressed, public_key_compressed_mode); - if (result == 0) { - printf("Signature was verified\n"); - } else { - printf("Signature was NOT verified\n"); - } - *(public_key_y + 1) = 0xaa; *(public_key_y + 2) = 0xaa; - result = verify_with_ecdsa_nistp256_with_sha256(lib_its_security_context, public_key_y, 32, issuer, sig, public_key_compressed, public_key_compressed_mode); - if (result == -1) { - printf("Signature was not verified successfully\n"); - } else { - printf("Signature SHALL NOT be verified\n"); - } - free(sig); - } - free(private_key); - free(public_key_x); - free(public_key_y); - free(public_key_compressed); - } - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test signature BrainpoolP-384r1 */ - printf("###########################################################################\n"); - printf("Test signature BrainpoolP-384r1\n"); - { - assert(lib_its_security_context == NULL); - result = initialize(brainpool_p_384_r1, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - uint8_t* private_key; - uint8_t* public_key_x; - uint8_t* public_key_y; - uint8_t* public_key_compressed; - ecc_compressed_mode_t public_key_compressed_mode; - result = generate_key_pair(lib_its_security_context, &private_key, &public_key_x, &public_key_y, &public_key_compressed, &public_key_compressed_mode); - if (result == -1) { - fprintf(stderr, "main: generate_key_pair failed: %d/'%s'\n", result, strerror(errno)); - } else { - show_hex((const int8_t*)"private_key", private_key, 48); - show_hex((const int8_t*)"public_key_x", public_key_x, 48); - show_hex((const int8_t*)"public_key_y", public_key_y, 48); - show_hex((const int8_t*)"public_key_compressed", public_key_compressed, 48); - printf("p_public_key_compressed_mode: %02x\n", public_key_compressed_mode); - - uint8_t issuer[32] = { 0x00 }; - uint8_t* sig; - result = sign_with_ecdsa_brainpoolp384r1_with_sha384(lib_its_security_context, public_key_y, 48, issuer, private_key, &sig); - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } else { - show_hex((const int8_t*)"sig", sig, 96); - result = verify_with_ecdsa_brainpoolp384r1_with_sha384(lib_its_security_context, public_key_y, 48, issuer, sig, public_key_compressed, public_key_compressed_mode); - if (result == 0) { - printf("Signature was verified\n"); - } else { - printf("Signature was NOT verified\n"); - } - *(public_key_y + 1) = 0xaa; *(public_key_y + 2) = 0xaa; - result = verify_with_ecdsa_brainpoolp384r1_with_sha384(lib_its_security_context, public_key_y, 48, issuer, sig, public_key_compressed, public_key_compressed_mode); - if (result == -1) { - printf("Signature was not verified successfully\n"); - } else { - printf("Signature SHALL NOT be verified\n"); - } - free(sig); - } - free(private_key); - free(public_key_x); - free(public_key_y); - free(public_key_compressed); - } - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test kdf_sha256 */ - printf("###########################################################################\n"); - printf("Test kdf_sha256 \n"); - { - assert(lib_its_security_context == NULL); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - // Test #1 - lib_its_security_context->secret_key = hex_to_bin((const int8_t*)"035DE77D62E51528ABE1403B25C8F0B8EFD47353EFD65E12F79A77122BF5137C", &lib_its_security_context->secret_key_length); - size_t salt_length; - uint8_t* salt = hex_to_bin((const int8_t*)"4739DA8E1723A178CCF278763454DAE55B67208F1D9DCB312BDA08D4402BDEAA", &salt_length); - size_t expected_digest_length; - uint8_t* expected_digest = hex_to_bin((const int8_t*)"3261BBDBA2301F163E1DEDF5038EDB146EDD08269AF295897089411FEA5372E073C3E330926D3828A7B88DF9CEA4ED65A4A5629424C490A869C1A54F91775EC0", &expected_digest_length); - uint8_t* digest; - size_t digest_length; - assert(kdf2(lib_its_security_context, salt, salt_length, 48, 0x00, &digest, &digest_length) == 0); - assert(expected_digest_length == digest_length); - for (int32_t i = 0; i < expected_digest_length; assert(digest[i] == expected_digest[i]), i++); - free(digest); - free(salt); - free(expected_digest); - free(lib_its_security_context->secret_key); lib_its_security_context->secret_key = NULL; - // Test #2 - lib_its_security_context->secret_key = hex_to_bin((const int8_t*)"8774F7739C1C7D33F1DD108527B8B5F532ED301C7AF9D2D750BA585B95AE6DDB", &lib_its_security_context->secret_key_length); - salt = hex_to_bin((const int8_t*)"4739DA8E1723A178CCF278763454DAE55B67208F1D9DCB312BDA08D4402BDEAA", &salt_length); - expected_digest = hex_to_bin((const int8_t*)"CEFD867314270E19795F9B8622D2E565B463CEA484A2E467BFAAD24AC3CC782BC62C55A95259CEA36ED1049E5454A7A272CDCE7A24B6140A740E4C4002B0A6F9", &expected_digest_length); - assert(kdf2(lib_its_security_context, salt, salt_length, 48, 0x00, &digest, &digest_length) == 0); - assert(expected_digest_length == digest_length); - for (int32_t i = 0; i < expected_digest_length; assert(digest[i] == expected_digest[i]), i++); - free(digest); - free(salt); - free(expected_digest); - free(lib_its_security_context->secret_key); lib_its_security_context->secret_key = NULL; - - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test encrypt function */ - printf("###########################################################################\n"); - printf("Test encrypt \n"); - { - assert(lib_its_security_context == NULL); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - // Test #1 - lib_its_security_context->nonce = hex_to_bin((const int8_t*)"8A395AA1C94062766027BFAC", &lib_its_security_context->nonce_length); - lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"A3762D576B7A1DC2A2D8CF11B28A8BF8", &lib_its_security_context->sym_key_length); - size_t plain_text_message_length; - uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); - uint8_t* cipher_message; - size_t cipher_message_length; - lib_its_security_context->encryption_algorithm = aes_128_ccm; - assert(encrypt(lib_its_security_context, plain_text_message, plain_text_message_length, &cipher_message, &cipher_message_length) == 0); - printf("cipher_message_length= %ld\n", cipher_message_length); - show_hex((const int8_t*)"cipher_message", cipher_message, cipher_message_length); - show_hex((const int8_t*)"tag", lib_its_security_context->tag, lib_its_security_context->tag_length); - cipher_message = (uint8_t*)realloc((void*)cipher_message, cipher_message_length + lib_its_security_context->tag_length); - memcpy((void*)(cipher_message + cipher_message_length), (const void*)lib_its_security_context->tag, lib_its_security_context->tag_length); - cipher_message_length += lib_its_security_context->tag_length; - show_hex((const int8_t*)"cipher_message||tag", cipher_message, cipher_message_length); - size_t expected_cipher_message_length; - uint8_t* expected_cipher_message = hex_to_bin((const int8_t*)"cfea3fed73db25664feb046e0097fb57e541b12d74985965b175462893f32f9b373525b399367140542f44f94abb8b9df77b0d2bcce4709081d7d4ad781b8f28c86d8ee48e3b5427cf57ade2927701066d565073bbb31c2e54bf68da36296f9a23ab4c63a8ac26f92d0b99d28650120cb2d2dc0220a0bc56267736e3607c8a78094e167b65191a20cf9cdcb58d757756de32c75822de5687db6d7a65803137347a43da0db6de10dcfd3f045c3cc2198f29522cb72fc5296fdafa3b13151bb866078c5305b1a9ee08c34fb12b2c2c7bf06866f0d308e0721557d35448c37f126c96328acdc1298f316d6b0e94b2bb15228f5906809f56e39e2a5fba1d06b6222c3ff0234580288c09566c79d72342a2724033a55921dbabf3ec01ee123976b171e3c549", &expected_cipher_message_length); - assert(expected_cipher_message_length == cipher_message_length); - for (int32_t i = 0; i < expected_cipher_message_length; assert(*(expected_cipher_message + i) == *(cipher_message + i)), i++); - free(plain_text_message); - free(expected_cipher_message); - free(cipher_message); - - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test decrypt function */ - printf("###########################################################################\n"); - printf("Test decrypt \n"); - { - assert(lib_its_security_context == NULL); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - // Test #1 - lib_its_security_context->nonce = hex_to_bin((const int8_t*)"8A395AA1C94062766027BFAC", &lib_its_security_context->nonce_length); - lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"A3762D576B7A1DC2A2D8CF11B28A8BF8", &lib_its_security_context->sym_key_length); - lib_its_security_context->tag = hex_to_bin((const int8_t*)"5921DBABF3EC01EE123976B171E3C549", &lib_its_security_context->tag_length); - size_t cipher_message_length; - uint8_t* cipher_message = hex_to_bin((const int8_t*)"cfea3fed73db25664feb046e0097fb57e541b12d74985965b175462893f32f9b373525b399367140542f44f94abb8b9df77b0d2bcce4709081d7d4ad781b8f28c86d8ee48e3b5427cf57ade2927701066d565073bbb31c2e54bf68da36296f9a23ab4c63a8ac26f92d0b99d28650120cb2d2dc0220a0bc56267736e3607c8a78094e167b65191a20cf9cdcb58d757756de32c75822de5687db6d7a65803137347a43da0db6de10dcfd3f045c3cc2198f29522cb72fc5296fdafa3b13151bb866078c5305b1a9ee08c34fb12b2c2c7bf06866f0d308e0721557d35448c37f126c96328acdc1298f316d6b0e94b2bb15228f5906809f56e39e2a5fba1d06b6222c3ff0234580288c09566c79d72342a2724033a5", &cipher_message_length); - uint8_t* plain_text_message; - size_t plain_text_message_length; - lib_its_security_context->encryption_algorithm = aes_128_ccm; - assert(decrypt(lib_its_security_context, cipher_message, cipher_message_length, &plain_text_message, &plain_text_message_length) == 0); - printf("plain_text_message_length= %ld\n", plain_text_message_length); - show_hex((const int8_t*)"plain_text_message", plain_text_message, plain_text_message_length); - size_t expected_plain_text_message_length; - uint8_t* expected_plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &expected_plain_text_message_length); - assert(expected_plain_text_message_length == cipher_message_length); - for (int32_t i = 0; i < expected_plain_text_message_length; assert(*(expected_plain_text_message + i) == *(plain_text_message + i)), i++); - free(cipher_message); - free(plain_text_message); - free(expected_plain_text_message); - - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test generate_and_derive_ephemeral_key_for_encryption */ - printf("###########################################################################\n"); - printf("Test generate_and_derive_ephemeral_key_for_encryption \n"); - { - assert(lib_its_security_context == NULL); - assert(lib_its_security_context_comp == NULL); - size_t l; - uint8_t* private_key = hex_to_bin((const int8_t*)"65322BEE2CFC665FBBAC6C0DC42EE73422278DFB7563A6350F7087013E216ACA", &l); - assert(l == 32); - result = initialize_with_private_key(nist_p_256, private_key, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - free(private_key); - - // Test #1 - size_t recipients_public_key_length; - uint8_t* recipients_public_key = hex_to_bin((const int8_t*)"E169F42FB028801B6DB717F5E7A37A7FBB17CB95A811BF224588F6F256FE8DDC", &recipients_public_key_length); - assert(recipients_public_key_length == 32); - assert(initialize_with_public_key(nist_p_256, recipients_public_key, compressed_y_0, &lib_its_security_context_comp) == 0); - assert(lib_its_security_context_comp->ec_key != NULL); - assert(lib_its_security_context_comp->ec_group != NULL); - assert(lib_its_security_context_comp->key_length == 32); - size_t salt_length; - uint8_t* salt = hex_to_bin((const int8_t*)"89BAB7DEA15BDAF3FF0357D952760A25735DD9816941BF6562C042D452D16EBA", &salt_length); - assert(generate_and_derive_ephemeral_key_for_encryption(lib_its_security_context/*Ephemeral's private key*/, aes_128_ccm, lib_its_security_context_comp/*recipient's public keys*/, salt, salt_length) == 0); - assert(lib_its_security_context->sym_key_length == 16); - assert(lib_its_security_context->tag_length == 16); - // Expected digest: 22cc5d042f654a9ce39e52fe232248a8d4793603b1ce4e98f67f2d634c24692573a2e89dbe9952e79b32faa0c94bf614b243fd84097d2eb50c4d6a4b996b7c12 - // Expected k1: 22cc5d042f654a9ce39e52fe232248a8 - // Expected k2: d4793603b1ce4e98f67f2d634c24692573a2e89dbe9952e79b32faa0c94bf614 - show_hex((const int8_t*)"nonce", lib_its_security_context->nonce, lib_its_security_context->nonce_length); - show_hex((const int8_t*)"tag", lib_its_security_context->tag, lib_its_security_context->tag_length); - show_hex((const int8_t*)"sym_key", lib_its_security_context->sym_key, lib_its_security_context->sym_key_length); - show_hex((const int8_t*)"enc_sym_key", lib_its_security_context->enc_sym_key, lib_its_security_context->sym_key_length); - - free(recipients_public_key); - free(salt); - - uninitialize(&lib_its_security_context_comp); - lib_its_security_context_comp = NULL; - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test encrypt_with_ecies_nistp256_with_sha256 #1 */ - printf("###########################################################################\n"); - printf("Test xxcrypt_with_ecies_nistp256_with_sha256 #1 \n"); - { - printf("==> encrypt_with_ecies_nistp256_with_sha256 #1 \n"); - assert(lib_its_security_context == NULL); - assert(lib_its_security_context_comp == NULL); - result = initialize(nist_p_256, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - /* Generate recipient's key */ - assert(generate_key_pair(lib_its_security_context, &lib_its_security_context->private_key, &lib_its_security_context->public_key_x, &lib_its_security_context->public_key_y, &lib_its_security_context->public_key_c, &lib_its_security_context->compressed_mode) == 0); - /* Set parameters */ - size_t plain_text_message_length; - uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); - size_t salt_length; - uint8_t* salt = hex_to_bin((const int8_t*)"4739DA8E1723A178CCF278763454DAE55B67208F1D9DCB312BDA08D4402BDEAA", &salt_length); - /* Encrypt */ - uint8_t* ephemeral_key_compressed = NULL; - ecc_compressed_mode_t ephemeral_compressed_mode; - uint8_t* aes_sym_key = NULL; - uint8_t* encrypted_sym_key = NULL; - uint8_t* authentication_vector = NULL; - uint8_t* nonce = NULL; - uint8_t* encrypted_secured_message = NULL; - size_t encrypted_secured_message_length; - assert(encrypt_with_ecies_nistp256_with_sha256(lib_its_security_context/*recipient's public keys*/, plain_text_message, plain_text_message_length, lib_its_security_context->public_key_c, lib_its_security_context->compressed_mode, salt, salt_length, &ephemeral_key_compressed, &ephemeral_compressed_mode, &aes_sym_key, &encrypted_sym_key, &authentication_vector, &nonce, &encrypted_secured_message, &encrypted_secured_message_length) == 0); - show_hex((const int8_t*)"ephemeral_key_compressed", ephemeral_key_compressed, 32); - show_hex((const int8_t*)"encrypted_secured_message || tag", encrypted_secured_message, encrypted_secured_message_length); - /* Decrypt */ - printf("==> decrypt_with_ecies_nistp256_with_sha256 #1 \n"); - size_t new_plain_text_message_length; - uint8_t* new_plain_text_message = NULL; - uint8_t* new_aes_enc_sym_key = NULL; - assert(decrypt_with_ecies_nistp256_with_sha256(lib_its_security_context, encrypted_secured_message, encrypted_secured_message_length, lib_its_security_context->private_key, ephemeral_key_compressed, ephemeral_compressed_mode, encrypted_sym_key, authentication_vector, nonce, salt, salt_length, &new_aes_enc_sym_key, &new_plain_text_message, &new_plain_text_message_length) == 0); - show_hex((const int8_t*)"new_plain_text_message", new_plain_text_message, new_plain_text_message_length); - show_hex((const int8_t*)"new_aes_enc_sym_key", new_aes_enc_sym_key, 16); - /* TODO Verify result */ - assert(new_plain_text_message_length == plain_text_message_length); - for (int32_t i = 0; i < plain_text_message_length; assert(*(plain_text_message + i) == *(new_plain_text_message + i)), i++); - for (int32_t i = 0; i < 16; assert(*(encrypted_sym_key + i) == *(new_aes_enc_sym_key + i)), i++); - - free(new_plain_text_message); - free(new_aes_enc_sym_key); - free(plain_text_message); - free(salt); - free(aes_sym_key); - free(encrypted_sym_key); - free(authentication_vector); - free(nonce); - free(encrypted_secured_message); - free(ephemeral_key_compressed); - - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - /* Test encrypt_with_ecies_brainpoolp256r1_with_sha256 #1 */ - printf("###########################################################################\n"); - printf("Test xxcrypt_with_ecies_brainpoolp256r1_with_sha256 #1 \n"); - { - printf("==> encrypt_with_ecies_brainpoolp256r1_with_sha256 #1 \n"); - assert(lib_its_security_context == NULL); - assert(lib_its_security_context_comp == NULL); - result = initialize(brainpool_p_256_r1, &lib_its_security_context); - if (result == -1) { - fprintf(stderr, "main: initialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - /* Generate recipient's key */ - assert(generate_key_pair(lib_its_security_context, &lib_its_security_context->private_key, &lib_its_security_context->public_key_x, &lib_its_security_context->public_key_y, &lib_its_security_context->public_key_c, &lib_its_security_context->compressed_mode) == 0); - /* Set parameters */ - size_t plain_text_message_length; - uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); - size_t salt_length; - uint8_t* salt = hex_to_bin((const int8_t*)"4739DA8E1723A178CCF278763454DAE55B67208F1D9DCB312BDA08D4402BDEAA", &salt_length); - /* Encrypt */ - uint8_t* ephemeral_key_compressed = NULL; - ecc_compressed_mode_t ephemeral_compressed_mode; - uint8_t* aes_sym_key = NULL; - uint8_t* encrypted_sym_key = NULL; - uint8_t* authentication_vector = NULL; - uint8_t* nonce = NULL; - uint8_t* encrypted_secured_message = NULL; - size_t encrypted_secured_message_length; - assert(encrypt_with_ecies_brainpoolp256r1_with_sha256(lib_its_security_context/*recipient's public keys*/, plain_text_message, plain_text_message_length, lib_its_security_context->public_key_c, lib_its_security_context->compressed_mode, salt, salt_length, &ephemeral_key_compressed, &ephemeral_compressed_mode, &aes_sym_key, &encrypted_sym_key, &authentication_vector, &nonce, &encrypted_secured_message, &encrypted_secured_message_length) == 0); - show_hex((const int8_t*)"ephemeral_key_compressed", ephemeral_key_compressed, 32); - show_hex((const int8_t*)"encrypted_secured_message || tag", encrypted_secured_message, encrypted_secured_message_length); - /* Decrypt */ - printf("==> decrypt_with_ecies_brainpoolp256r1_with_sha256 #1 \n"); - size_t new_plain_text_message_length; - uint8_t* new_plain_text_message = NULL; - uint8_t* new_aes_enc_sym_key = NULL; - assert(decrypt_with_ecies_brainpoolp256r1_with_sha256(lib_its_security_context, encrypted_secured_message, encrypted_secured_message_length, lib_its_security_context->private_key, ephemeral_key_compressed, ephemeral_compressed_mode, encrypted_sym_key, authentication_vector, nonce, salt, salt_length, &new_aes_enc_sym_key, &new_plain_text_message, &new_plain_text_message_length) == 0); - show_hex((const int8_t*)"new_plain_text_message", new_plain_text_message, new_plain_text_message_length); - show_hex((const int8_t*)"new_aes_enc_sym_key", new_aes_enc_sym_key, 16); - /* TODO Verify result */ - assert(new_plain_text_message_length == plain_text_message_length); - for (int32_t i = 0; i < plain_text_message_length; assert(*(plain_text_message + i) == *(new_plain_text_message + i)), i++); - for (int32_t i = 0; i < 16; assert(*(encrypted_sym_key + i) == *(new_aes_enc_sym_key + i)), i++); - - free(new_plain_text_message); - free(new_aes_enc_sym_key); - free(plain_text_message); - free(salt); - free(aes_sym_key); - free(encrypted_sym_key); - free(authentication_vector); - free(nonce); - free(encrypted_secured_message); - free(ephemeral_key_compressed); - - result = uninitialize(&lib_its_security_context); - lib_its_security_context = NULL; - if (result == -1) { - fprintf(stderr, "main: uninitialize failed: %d/'%s'\n", result, strerror(errno)); - return -1; - } - } - - return 0; -} - -#endif diff --git a/tools/itssecurity/lib_its_security/lib_its_security.h b/tools/itssecurity/lib_its_security/lib_its_security.h index 2258ca6a5f052687727b90f4af95b7ebe710699b..13e1d545fd6600069da517bb28f2c9816d74f08d 100644 --- a/tools/itssecurity/lib_its_security/lib_its_security.h +++ b/tools/itssecurity/lib_its_security/lib_its_security.h @@ -106,6 +106,10 @@ typedef struct lib_its_security_context_ { */ LIBITSSECURITY_API int32_t initialize(const ecc_elliptic_curves_t p_elliptic_curve, lib_its_security_context_t** p_lib_its_security_context); +LIBITSSECURITY_API int32_t initialize_with_public_key(const ecc_elliptic_curves_t p_elliptic_curve, const uint8_t* p_public_key, const ecc_compressed_mode_t p_compressed_mode, lib_its_security_context_t** p_lib_its_security_context); + +LIBITSSECURITY_API int32_t initialize_with_private_key(const ecc_elliptic_curves_t p_elliptic_curve, const uint8_t* p_private_key, lib_its_security_context_t** p_lib_its_security_context); + /** * \fn int32_t uninitialize(lib_its_security_context_t** p_lib_its_security_context); * \brief Release resources allocated by initialize fiunction @@ -297,22 +301,22 @@ LIBITSSECURITY_API int32_t verify_with_ecdsa_brainpoolp384r1_with_sha384( * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf */ LIBITSSECURITY_API int32_t encrypt_with_ecies_nistp256_with_sha256( - lib_its_security_context_t* p_lib_its_security_context, - const uint8_t* p_to_be_encrypted_secured_message, - const size_t p_to_be_encrypted_secured_message_length, - const uint8_t* p_recipients_public_key_compressed, - const ecc_compressed_mode_t p_compressed_mode, - const uint8_t* p_salt, - const size_t p_salt_length, - uint8_t** p_public_ephemeral_key_compressed, - ecc_compressed_mode_t* p_ephemeral_compressed_mode, - uint8_t** p_aes_sym_key, - uint8_t** p_encrypted_sym_key, - uint8_t** p_authentication_vector, - uint8_t** p_nonce, - uint8_t** p_encrypted_secured_message, - size_t* p_encrypted_secured_message_length - ); + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_to_be_encrypted_secured_message, + const size_t p_to_be_encrypted_secured_message_length, + const uint8_t* p_recipients_public_key_compressed, + const ecc_compressed_mode_t p_compressed_mode, + const uint8_t* p_salt, + const size_t p_salt_length, + uint8_t** p_public_ephemeral_key_compressed, + ecc_compressed_mode_t* p_ephemeral_compressed_mode, + uint8_t** p_aes_sym_key, + uint8_t** p_encrypted_sym_key, + uint8_t** p_authentication_vector, + uint8_t** p_nonce, + uint8_t** p_encrypted_secured_message, + size_t* p_encrypted_secured_message_length + ); /** * \brief Decrypt the message using ECIES algorithm to decrypt AES 128 CCM symmetric key,as defined in IEEE Std 1609.2-2017 @@ -330,39 +334,39 @@ LIBITSSECURITY_API int32_t encrypt_with_ecies_nistp256_with_sha256( * \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf */ LIBITSSECURITY_API int32_t decrypt_with_ecies_nistp256_with_sha256( - lib_its_security_context_t* p_lib_its_security_context, - const uint8_t* p_encrypted_secured_message, - const size_t p_encrypted_secured_message_length, - const uint8_t* p_private_enc_key, - const uint8_t* p_public_ephemeral_key_compressed, - const ecc_compressed_mode_t p_ephemeral_compressed_mode, - const uint8_t* p_encrypted_sym_key, - const uint8_t* p_authentication_vector, - const uint8_t* p_nonce, - const uint8_t* p_salt, - const size_t p_salt_length, - uint8_t** p_aes_sym_enc_key, - uint8_t** p_plain_text_message, - size_t* p_plain_text_message_length - ); + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_encrypted_secured_message, + const size_t p_encrypted_secured_message_length, + const uint8_t* p_private_enc_key, + const uint8_t* p_public_ephemeral_key_compressed, + const ecc_compressed_mode_t p_ephemeral_compressed_mode, + const uint8_t* p_encrypted_sym_key, + const uint8_t* p_authentication_vector, + const uint8_t* p_nonce, + const uint8_t* p_salt, + const size_t p_salt_length, + uint8_t** p_aes_sym_enc_key, + uint8_t** p_plain_text_message, + size_t* p_plain_text_message_length + ); LIBITSSECURITY_API int32_t encrypt_with_ecies_brainpoolp256r1_with_sha256( - lib_its_security_context_t* p_lib_its_security_context, - const uint8_t* p_to_be_encrypted_secured_message, - const size_t p_to_be_encrypted_secured_message_length, - const uint8_t* p_recipients_public_key_compressed, - const ecc_compressed_mode_t p_compressed_mode, - const uint8_t* p_salt, - const size_t p_salt_length, - uint8_t** p_public_ephemeral_key_compressed, - ecc_compressed_mode_t* p_ephemeral_compressed_mode, - uint8_t** p_aes_sym_key, - uint8_t** p_encrypted_sym_key, - uint8_t** p_authentication_vector, - uint8_t** p_nonce, - uint8_t** p_encrypted_secured_message, - size_t* p_encrypted_secured_message_length - ); + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_to_be_encrypted_secured_message, + const size_t p_to_be_encrypted_secured_message_length, + const uint8_t* p_recipients_public_key_compressed, + const ecc_compressed_mode_t p_compressed_mode, + const uint8_t* p_salt, + const size_t p_salt_length, + uint8_t** p_public_ephemeral_key_compressed, + ecc_compressed_mode_t* p_ephemeral_compressed_mode, + uint8_t** p_aes_sym_key, + uint8_t** p_encrypted_sym_key, + uint8_t** p_authentication_vector, + uint8_t** p_nonce, + uint8_t** p_encrypted_secured_message, + size_t* p_encrypted_secured_message_length + ); LIBITSSECURITY_API int32_t decrypt_with_ecies_brainpoolp256r1_with_sha256( lib_its_security_context_t* p_lib_its_security_context, @@ -381,6 +385,42 @@ LIBITSSECURITY_API int32_t decrypt_with_ecies_brainpoolp256r1_with_sha256( size_t* p_plain_text_message_length ); +/** + * \fn int32_t encrypt_(p_lib_its_security_context_t* p_lib_its_security_context, const uint8_t* p_plain_text_message, const size_t p_plain_text_message_length, uint8_t** p_cipher_message, size_t* p_cipher_message_length); + * \brief Encryption function using algorithm specified in the internal context. + * \param[in/out] p_lib_its_security_context The internal context + * \param[out] p_plain_text_message The plain text message to be ciphered + * \param[out] p_plain_text_message_length The plain text message length + * \param[out] p_cipher_message The ciphered message + * \param[out] p_cipher_message_length The ciphered message length + * \return 0 on success, -1 otherwise + */ + LIBITSSECURITY_API int32_t encrypt_( // Conflict with unistd.h + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_plain_text_message, + const size_t p_plain_text_message_length, + uint8_t** p_cipher_message, + size_t* p_cipher_message_length + ); + +/** + * \fn int32_t decrypt(lib_its_security_context_t* p_lib_its_security_context, const uint8_t* p_cipher_message, const size_t p_cipher_message_length, uint8_t** p_plain_text_message, size_t* p_plain_text_message_length); + * \brief Decryption function using algorithm specified in the internal context. + * \param[in/out] p_lib_its_security_context The internal context + * \param[out] p_cipher_message The ciphered message to be decrypted + * \param[out] p_cipher_message_length The ciphered message length + * \param[out] p_plain_text_message The plain text message + * \param[out] p_plain_text_message_length The plain text message length + * \return 0 on success, -1 otherwise + */ +LIBITSSECURITY_API int32_t decrypt( + lib_its_security_context_t* p_lib_its_security_context, + const uint8_t* p_cipher_message, + const size_t p_cipher_message_length, + uint8_t** p_plain_text_message, + size_t* p_plain_text_message_length + ); + /** * \fn int32_t generate_key_pair(lib_its_security_context_t* p_lib_its_security_context, uint8_t** p_private_key,uint8_t** p_public_key_x,uint8_t** p_public_key_y,uint8_t** p_public_key_compressed, ecc_compressed_mode_t* p_compressed_mode); * \brief Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. diff --git a/tools/itssecurity/test/test_lib_its_security.cc b/tools/itssecurity/test/test_lib_its_security.cc index ce079dc2bf45bb460395d7d7202eb999117cd4c4..be4eddc268d779d481a31b34ed17b621735128ab 100755 --- a/tools/itssecurity/test/test_lib_its_security.cc +++ b/tools/itssecurity/test/test_lib_its_security.cc @@ -499,6 +499,32 @@ TEST(lib_its_security_test_suite, sign_with_ecdsa_nistp256_with_sha256_4) { EXPECT_TRUE(lib_its_security_context == NULL); } +TEST(lib_its_security_test_suite, sign_with_ecdsa_nistp256_with_sha256_5) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + size_t l; + uint8_t* issuer = hex_to_bin((const int8_t*)"4CC9D9FECC22775705A4B15929A3B01BEEE0BE6903AC3524EFEB473043DD2B88", &l); + uint8_t* sig = hex_to_bin((const int8_t*)"208F312F000D528C45E05A8BD9BC40A3627AA423FC5E8979068646B2C7A55449232B3FFEA13D9C73B2936CA4C037F984FB1FA6ACC34CD9D4C5C9C41B804C47A6", &l); + uint8_t* public_key_compressed = hex_to_bin((const int8_t*)"311038D31EF3A6201EEFC8CE75220F83FB18783923C7A31093DDED24F8123C8F", &l); + ecc_compressed_mode_t public_key_compressed_mode = compressed_y_1; + uint8_t* message = hex_to_bin((const int8_t*)"4003805320508000002F0A00BC21001C6B0D0201CBF4D9FB15E761B5FD48CC8D000000000000000007D1000002020010F43DDDE14059718956ADC020AE600200200030D41E0000012016840310A50733FFE1FFFA0010004001240001D00CB48315C1", &l); + + // Test body + EXPECT_TRUE(verify_with_ecdsa_nistp256_with_sha256(lib_its_security_context, message, l, issuer, sig, public_key_compressed, public_key_compressed_mode) == 0); + *(sig + 1) = 0xaa; *(sig + 2) = 0xaa; + EXPECT_TRUE(verify_with_ecdsa_nistp256_with_sha256(lib_its_security_context, message, l, issuer, sig, public_key_compressed, public_key_compressed_mode) == -1); + + // Postamble + free(message); + free(public_key_compressed); + free(sig); + free(issuer); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + TEST(lib_its_security_test_suite, sign_with_ecdsa_brainpoolp256r1_with_sha256_1) { // Preamble lib_its_security_context_t* lib_its_security_context = NULL; @@ -729,6 +755,214 @@ TEST(lib_its_security_test_suite, sign_with_ecdsa_brainpoolp384r1_with_sha384_4) EXPECT_TRUE(lib_its_security_context == NULL); } +TEST(lib_its_security_test_suite, encrypt_aes_ccm_1) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + + // Test body + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(NULL, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == -1); + EXPECT_TRUE(encrypt_(lib_its_security_context, NULL, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == -1); + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, NULL, &encrypted_secured_message_length) == -1); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, encrypt_aes_ccm_2) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + + // Test body + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == -1); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, encrypt_aes_ccm_3) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + + // Test body + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == -1); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, encrypt_aes_ccm_4) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + + // Test body + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == 0); + EXPECT_TRUE(encrypted_secured_message != NULL); + EXPECT_TRUE(encrypted_secured_message_length == plain_text_message_length); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, decrypt_aes_ccm_1) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + + // Test body + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = hex_to_bin((const int8_t*)"ABABABAB", &encrypted_secured_message_length); + size_t plain_text_message_length = 0; + uint8_t* plain_text_message = NULL; + EXPECT_TRUE(decrypt(NULL, encrypted_secured_message, encrypted_secured_message_length, &plain_text_message, &plain_text_message_length) == -1); + EXPECT_TRUE(decrypt(lib_its_security_context, NULL, encrypted_secured_message_length, &plain_text_message, &plain_text_message_length) == -1); + EXPECT_TRUE(decrypt(lib_its_security_context, encrypted_secured_message, encrypted_secured_message_length, &plain_text_message, &plain_text_message_length) == -1); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, decrypt_aes_ccm_2) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == 0); + + // Test body + free(lib_its_security_context->sym_key); + lib_its_security_context->sym_key = NULL; + size_t new_plain_text_message_length; + uint8_t* new_plain_text_message = NULL; + EXPECT_TRUE(decrypt(lib_its_security_context, encrypted_secured_message, encrypted_secured_message_length, &new_plain_text_message, &new_plain_text_message_length) == -1); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, decrypt_aes_ccm_3) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == 0); + + // Test body + free(lib_its_security_context->nonce); + lib_its_security_context->nonce = NULL; + size_t new_plain_text_message_length; + uint8_t* new_plain_text_message = NULL; + EXPECT_TRUE(decrypt(lib_its_security_context, encrypted_secured_message, encrypted_secured_message_length, &new_plain_text_message, &new_plain_text_message_length) == -1); + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + +TEST(lib_its_security_test_suite, decrypt_aes_ccm_4) { + // Preamble + lib_its_security_context_t* lib_its_security_context = NULL; + EXPECT_TRUE(initialize(nist_p_256, &lib_its_security_context) == 0); + lib_its_security_context->encryption_algorithm = aes_128_ccm; + lib_its_security_context->sym_key = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->sym_key_length)); + lib_its_security_context->nonce = hex_to_bin((const int8_t*)"CAFEDECA", &(lib_its_security_context->nonce_length)); + size_t plain_text_message_length; + uint8_t* plain_text_message = hex_to_bin((const int8_t*)"03810040038081BC01800381004003806400104553435259505400000000000000001101008082671439CBFB6E69370113B14E077A6097AACC62945C122D402A6975AF6FF3DAA77C8110455343525950540000000000000000111DCCE0F98400788301028000FA80017C00010180012481030201C04002026F0001C6B773D2F2B0828080217B7AA6442D85721A9DB6F0C2E307BEC1795B33E6957055F504F8F7A5DD1A956788F6A1146998DA44EC4756C8DB2AB46EBD1D3BAB6894FE8667594FAE2B24374002026F0001C6B773D33130828080AE1B9F9D16A35646C4C84CE4A4C3B50C84125356A74A94B009750941DC94A9DB6D91A2B75633AB573B3369C0DE7CCBD44EC08ABB268EA341FCBB53757E5B7589", &plain_text_message_length); + size_t encrypted_secured_message_length = 0; + uint8_t* encrypted_secured_message = NULL; + EXPECT_TRUE(encrypt_(lib_its_security_context, plain_text_message, plain_text_message_length, &encrypted_secured_message, &encrypted_secured_message_length) == 0); + EXPECT_TRUE(encrypted_secured_message != NULL); + + // Test body + size_t new_plain_text_message_length; + uint8_t* new_plain_text_message = NULL; + EXPECT_TRUE(decrypt(lib_its_security_context, encrypted_secured_message, encrypted_secured_message_length, &new_plain_text_message, &new_plain_text_message_length) == 0); + EXPECT_TRUE(new_plain_text_message != NULL); + EXPECT_TRUE(plain_text_message_length == new_plain_text_message_length); + for(size_t i = 0; i < new_plain_text_message_length; i++) { + EXPECT_TRUE(*(new_plain_text_message + i) == *(plain_text_message + i)); + } + + // Postamble + free(plain_text_message); + free(encrypted_secured_message); + free(new_plain_text_message); + EXPECT_TRUE(lib_its_security_context->ec_key != NULL); + EXPECT_TRUE(uninitialize(&lib_its_security_context) == 0); + EXPECT_TRUE(lib_its_security_context == NULL); +} + TEST(lib_its_security_test_suite, encrypt_with_ecies_nistp256_with_sha256_1) { // Preamble lib_its_security_context_t* lib_its_security_context = NULL;