Commit 20a36972 authored by YannGarcia's avatar YannGarcia
Browse files

Closed bug issue #2 (#2)

parent 929120f9

ccsrc/Externals/LibItsSecurity_externals.cc

+135 −0
Original line number Diff line number Diff line
@@ -255,6 +255,57 @@ namespace LibItsSecurity__Functions { 
    return OCTETSTRING(0, nullptr);

  }



  /**

   * \fn OCTETSTRING fx__signWithEcdsaNistp384WithSha384(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);

   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2

   * \param[in] p__toBeSignedSecuredMessage The data to be signed

   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate

   * \param[in] p__privateKey The private key

   * \return The signature value

   */

  OCTETSTRING fx__signWithEcdsaNistp384WithSha384(const OCTETSTRING &p__toBeSignedSecuredMessage, const OCTETSTRING &p__certificateIssuer,

                                                  const OCTETSTRING &p__privateKey) {

    loggers::get_instance().log_msg(">>> fx__signWithEcdsaNistp384WithSha384: data=", p__toBeSignedSecuredMessage);

    loggers::get_instance().log_msg(">>> fx__signWithEcdsaNistp384WithSha384: issuer=", p__certificateIssuer);

    loggers::get_instance().log_msg(">>> fx__signWithEcdsaNistp384WithSha384: private key=", p__privateKey);



    // Sanity checks

    if ((p__certificateIssuer.lengthof() != 48) || (p__privateKey.lengthof() != 48)) {

      loggers::get_instance().log("fx__signWithEcdsaNistp384WithSha384: Wrong parameters");

      return OCTETSTRING(0, nullptr);

    }



    // Calculate the SHA384 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )

    sha384      hash;

    OCTETSTRING hashData1; // Hash (Data input)

    hash.generate(p__toBeSignedSecuredMessage, hashData1);

    OCTETSTRING hashData2;                        // Hash (Signer identifier input)

    if (p__certificateIssuer != int2oct(0, 48)) { // || Hash (Signer identifier input)

      hashData2 = p__certificateIssuer;

    } else {

      hashData2 = hash.get_sha384_empty_string(); // Hash of empty string

    }

    loggers::get_instance().log_msg("fx__signWithEcdsaNistp384WithSha384: Hash (Data input)=", hashData1);

    loggers::get_instance().log_msg("fx__signWithEcdsaNistp384WithSha384: Hash (Signer identifier input)=", hashData2);

    hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)

    OCTETSTRING hashData;   // Hash ( Hash (Data input) || Hash (Signer identifier input) )

    hash.generate(hashData1, hashData);

    loggers::get_instance().log_msg("fx__signWithEcdsaNistp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);

    // Calculate the signature

    security_ecc k(ec_elliptic_curves::nist_p_384, p__privateKey);

    OCTETSTRING  r_sig;

    OCTETSTRING  s_sig;

    if (k.sign(hashData, r_sig, s_sig) == 0) {

      OCTETSTRING os = r_sig + s_sig;

      loggers::get_instance().log_msg("fx__signWithEcdsaNistp384WithSha384: r_sig= ", r_sig);

      loggers::get_instance().log_msg("fx__signWithEcdsaNistp384WithSha384: s_sig= ", s_sig);

      loggers::get_instance().log_msg("fx__signWithEcdsaNistp384WithSha384: sig= ", os);

      return os;

    }



    return OCTETSTRING(0, nullptr);

  }



  /**

   * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING&

   * p__ecdsaNistp256PublicKeyCompressed); \brief Verify the signature of the specified data based on standard IEEE 1609.2 \param[in] p__toBeVerifiedData The
@@ -542,6 +593,90 @@ namespace LibItsSecurity__Functions { 
    return FALSE;

  }



  /**

   * \fn BOOLEAN fx__verifyWithEcdsaNistp384WithSha384(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING&

   * p__ecdsaBrainpoolp384PublicKeyCompressed); \brief Verify the signature of the specified data based on standard IEEE 1609.2 \param[in] p__toBeVerifiedData

   * The data to be verified \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate \param[in]

   * p__signature The signature \param[in] p__ecdsaBrainpoolp384PublicKeyCompressed The compressed public key (x coordinate only) \return true on success, false

   * otherwise

   */

  BOOLEAN fx__verifyWithEcdsaNistp384WithSha384(const OCTETSTRING &p__toBeVerifiedData, const OCTETSTRING &p__certificateIssuer,

                                                       const OCTETSTRING &p__signature, const OCTETSTRING &p__ecdsaNistp384PublicKeyCompressed,

                                                       const INTEGER &p__compressedMode) {

    // Sanity checks

    if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96) || (p__ecdsaNistp384PublicKeyCompressed.lengthof() != 48)) {

      loggers::get_instance().log("fx__verifyWithEcdsaNistp384WithSha384: Wrong parameters");

      return FALSE;

    }



    // Calculate the SHA384 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )

    sha384      hash;

    OCTETSTRING hashData1; // Hash (Data input)

    hash.generate(p__toBeVerifiedData, hashData1);

    OCTETSTRING hashData2;                        // Hash (Signer identifier input)

    if (p__certificateIssuer != int2oct(0, 48)) { // || Hash (Signer identifier input)

      hashData2 = p__certificateIssuer;

    } else {

      hashData2 = hash.get_sha384_empty_string(); // Hash of empty string

    }

    loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp384WithSha384: Hash (Data input)=", hashData1);

    loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp384WithSha384: Hash (Signer identifier input)=", hashData2);

    hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)

    OCTETSTRING hashData;   // Hash ( Hash (Data input) || Hash (Signer identifier input) )

    hash.generate(hashData1, hashData);

    loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp384WithSha384: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);

    // Check the signature

    security_ecc k(ec_elliptic_curves::nist_p_384, p__ecdsaNistp384PublicKeyCompressed,

                   (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);

    if (k.sign_verif(hashData, p__signature) == 0) {

      return TRUE;

    }



    return FALSE;

  }



  /**

   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384r1WithSha384_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING&

   * p__ecdsaBrainpoolp384PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY); \brief Verify the signature of the specified data based on standard

   * IEEE 1609.2 \param[in] p__toBeVerifiedData The data to be verified \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in

   * case of self signed certificate \param[in] p__signature The signature \param[in] p__ecdsaBrainpoolp384PublicKeyX The public key (x coordinate) \param[in]

   * p__ecdsaBrainpoolp384PublicKeyY The public key (y coordinate) \return true on success, false otherwise

   */

  BOOLEAN fx__verifyWithEcdsaNistp384WithSha384__1(const OCTETSTRING &p__toBeVerifiedData, const OCTETSTRING &p__certificateIssuer,

                                                          const OCTETSTRING &p__signature, const OCTETSTRING &p__ecdsaNistp384PublicKeyX,

                                                          const OCTETSTRING &p__ecdsaNistp384PublicKeyY) {

    // Sanity checks

    if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96) || (p__ecdsaNistp384PublicKeyX.lengthof() != 48) ||

        (p__ecdsaNistp384PublicKeyY.lengthof() != 48)) {

      loggers::get_instance().log("fx__verifyWithEcdsaNistp384WithSha384__1: Wrong parameters");

      return FALSE;

    }



    // Calculate the SHA384 of the hashed data for signing: Hash ( Hash (Data input) || Hash (Signer identifier input) )

    sha384      hash;

    OCTETSTRING hashData1; // Hash (Data input)

    hash.generate(p__toBeVerifiedData, hashData1);

    OCTETSTRING hashData2;                        // Hash (Signer identifier input)

    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)

      hashData2 = p__certificateIssuer;

    } else {

      hashData2 = hash.get_sha384_empty_string(); // Hash of empty string

    }

    loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp384WithSha384__1: Hash (Data input)=", hashData1);

    loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp384WithSha384__1: Hash (Signer identifier input)=", hashData2);

    hashData1 += hashData2; // Hash (Data input) || Hash (Signer identifier input)

    OCTETSTRING hashData;   // Hash ( Hash (Data input) || Hash (Signer identifier input) )

    hash.generate(hashData1, hashData);

    loggers::get_instance().log_msg("fx__verifyWithEcdsaNistp384WithSha384__1: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData);

    // Check the signature

    security_ecc k(ec_elliptic_curves::nist_p_384, p__ecdsaNistp384PublicKeyX, p__ecdsaNistp384PublicKeyY);

    if (k.sign_verif(hashData, p__signature) == 0) {

      return TRUE;

    }



    return FALSE;

  }



  /**

   * \fn OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m);

   * \brief Generate a HMAC-SHA256 value based on the provided secret key