Merge branch 'v1.6_develop_329_GOOSE_signatures' of bitbucket.com:mz-automation/libiec61850 into v1.6_develop_329_GOOSE_signatures

5 months ago · 66f4699248
parent 8ccb14123e d5f3db4091
commit 66f4699248
8 changed files with 192 additions and 19 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -132,10 +132,10 @@ set(USE_PREBUILD_MBEDTLS 1)
 set(MBEDTLS_INCLUDE_DIR ${CONFIG_EXTERNAL_MBEDTLS_INCLUDE_PATH})
 endif(CONFIG_USE_EXTERNAL_MBEDTLS_DYNLIB)
-if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16)
+if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.28)
 set(WITH_MBEDTLS 1)
-set(MBEDTLS_INCLUDE_DIR "${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16/include")
+set(MBEDTLS_INCLUDE_DIR "${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.28/include")
-endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16)
+endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.28)
 if(WITH_MBEDTLS)
--- a/examples/goose_publisher/goose_publisher_example.c
+++ b/examples/goose_publisher/goose_publisher_example.c
@ -62,7 +62,8 @@ main(int argc, char **argv)
        L2Security l2Sec = L2Security_create();
-        L2Security_addKey(l2Sec, 0x12345678, (uint8_t*)key, 16, MC_SEC_SEC_ALGO_NONE, MC_SEC_SIG_ALGO_HMAC_SHA256_256);
+        //L2Security_addKey(l2Sec, 0x12345678, (uint8_t*)key, 16, MC_SEC_SEC_ALGO_NONE, MC_SEC_SIG_ALGO_HMAC_SHA256_256);
        L2Security_addKey(l2Sec, 0x12345678, (uint8_t*)key, 16, MC_SEC_SEC_ALGO_NONE, MC_SEC_SIG_ALGO_AES_GMAC_128);
        L2Security_setActiveKey(l2Sec, 1);
        GoosePublisher_setL2Security(publisher, l2Sec);
--- a/examples/goose_subscriber/goose_subscriber_example.c
+++ b/examples/goose_subscriber/goose_subscriber_example.c
@ -65,12 +65,13 @@ main(int argc, char** argv)
    GooseSubscriber_setDstMac(subscriber, dstMac);
    GooseSubscriber_setAppId(subscriber, 1000);
-    //char* key = "0123456789ABCDEF";
+    char* key = "0123456789ABCDEF";
-    char* key = "0123456789ABCDEG";
+    //char* key = "0123456789ABCDEG";
    L2Security l2Sec = L2Security_create();
-    L2Security_addKey(l2Sec, 0x12345678, (uint8_t*)key, 16, MC_SEC_SEC_ALGO_NONE, MC_SEC_SIG_ALGO_HMAC_SHA256_256);
+    //L2Security_addKey(l2Sec, 0x12345678, (uint8_t*)key, 16, MC_SEC_SEC_ALGO_NONE, MC_SEC_SIG_ALGO_HMAC_SHA256_256);
    L2Security_addKey(l2Sec, 0x12345678, (uint8_t*)key, 16, MC_SEC_SEC_ALGO_NONE, MC_SEC_SIG_ALGO_AES_GMAC_128);
    L2Security_setActiveKey(l2Sec, 1);
    GooseReceiver_setL2Security(receiver, l2Sec);
--- a/hal/CMakeLists.txt
+++ b/hal/CMakeLists.txt
@ -129,7 +129,7 @@ include_directories(
 if(CONFIG_USE_EXTERNAL_MBEDTLS_DYNLIB)
 link_directories(${CONFIG_EXTERNAL_MBEDTLS_DYNLIB_PATH})
 else()
-file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16/library/*.c)
+file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.28/library/*.c)
 endif(CONFIG_USE_EXTERNAL_MBEDTLS_DYNLIB)
 add_definitions(-DMBEDTLS_CONFIG_FILE="mbedtls_config.h")
--- a/src/goose/goose_sec.c
+++ b/src/goose/goose_sec.c
@ -1,3 +1,26 @@
 /*
 *  l2_security.c
 *
 *  Copyright 2013-2025 Michael Zillgith
 *
 *  This file is part of libIEC61850.
 *
 *  libIEC61850 is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  libIEC61850 is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with libIEC61850.  If not, see <http://www.gnu.org/licenses/>.
 *
 *  See COPYING file for the complete license text.
 */
 #include <stdint.h>
 #include <stdio.h>
@ -6,7 +29,8 @@
 #include "ber_decode.h"
 #include "r_session_crypto.h"
-struct sL2Security {
+struct sL2Security
 {
    RSignatureAlgorithm currentSigAlgo;
    uint32_t timeOfCurrentKey;
@ -73,6 +97,16 @@ L2Security_calculateCRC16(uint8_t* data, int size)
    return calculateCRC(data, size);
 }
 static void
 printBuffer(uint8_t* buffer, int size)
 {
    for (int i = 0; i < size; i++)
    {
        printf("%02x", buffer[i]);
    }
    printf("\n");
 }
 /**
 * \brief Create the security extension
 * 
@ -88,9 +122,9 @@ L2Security_addSecurityExtension(L2Security self, uint8_t* buffer, int start, int
    printf("L2Security_addSecurityExtension: start=%i, length=%i, maxBufSize=%i\n", start, length, maxBufSize);
    if (self->currentSigAlgo != MC_SEC_SIG_ALGO_NONE)
    {
        bool hasIV = false;
        int ivSize = 0;
        int mACSize = 0;
        uint8_t* ivBuf = NULL;
        /* determine length of the mAC */
        if (self->currentSigAlgo == MC_SEC_SIG_ALGO_HMAC_SHA256_128) {
@ -99,8 +133,17 @@ L2Security_addSecurityExtension(L2Security self, uint8_t* buffer, int start, int
        else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_HMAC_SHA256_256) {
            mACSize = 2 + 32;
        }
        else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_128) {
            mACSize = 2 + 16;
            ivSize = 12; /* IV size for AES GMAC (recommendation from NIST: https://web.cs.ucdavis.edu/~rogaway/ocb/gcm.pdf) */
        }
        else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_256) {
            mACSize = 2 + 32;
            ivSize = 12;  /* IV size for AES GMAC (recommendation from NIST: https://web.cs.ucdavis.edu/~rogaway/ocb/gcm.pdf) */
        }
        else {
            /* signature algorithm not supported */
            printf("Signature algorithm not supported\n");
            return 0;
        }
@ -119,7 +162,8 @@ L2Security_addSecurityExtension(L2Security self, uint8_t* buffer, int start, int
        authValueSize += (2 + BerEncoder_Int32determineEncodedSize(self->timeToNextKey));
        /* IV */
-        if (hasIV) {
+        if (ivSize > 0)
        {
            authValueSize += (2 + ivSize);
        }
@ -157,14 +201,16 @@ L2Security_addSecurityExtension(L2Security self, uint8_t* buffer, int start, int
            bufPos = BerEncoder_encodeInt32WithTL(0x82, self->timeToNextKey, buffer, bufPos);
            /* IV */
-            if (hasIV) {
+            if (ivSize > 0)
-                //TODO encode IV
+            {
                bufPos = BerEncoder_encodeTL(0x83, ivSize, buffer, bufPos);
                ivBuf = buffer + bufPos;
                bufPos += ivSize;
            }
            /* KeyID */
            bufPos = BerEncoder_encodeInt32WithTL(0x84, self->currentKeyId, buffer, bufPos);
            int macEnd = bufPos;
            /* encode mAC */
@ -178,11 +224,46 @@ L2Security_addSecurityExtension(L2Security self, uint8_t* buffer, int start, int
                RSessionCrypto_createHMAC(buffer + start, macEnd - start, self->currentKey, self->currentKeySize, buffer + bufPos, 32);
                bufPos += 32;
            }
            else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_128)
            {
                /* create IV */
                if (RSessionCrypto_createRandomData(ivBuf, ivSize) == false) {
                    printf("ERROR - Failed to create random IV\n");
                }
                if (RSessionCrypto_createAES_GMAC(self->currentKey, self->currentKeySize, ivBuf, ivSize, buffer + start, macEnd - start, buffer + bufPos, 16) == false)
                {
                    printf("ERROR - Failed to create GMAC\n");
                }
                bufPos += 16;
            }
            else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_256)
            {
                /* create IV */
                if (RSessionCrypto_createRandomData(ivBuf, ivSize) == false) {
                    printf("ERROR - Failed to create random IV\n");
                }
                if (RSessionCrypto_createAES_GMAC(self->currentKey, self->currentKeySize, ivBuf, ivSize, buffer + start, macEnd - start, buffer + bufPos, 32) == false)
                {
                    printf("ERROR - Failed to create GMAC\n");
                }
                bufPos += 32;
            }
            else {
                /* signature algorithm not supported */
                printf("Signature algorithm not supported\n");
                return 0;
            }
        }
        return securityExtensionSize + 2;
    }
-    else {
+    else
    {
        printf("L2_SECURITY: no signature algorithm set\n");
        return 0;
    }
 }
@ -204,6 +285,12 @@ checkSecurityExtension(L2Security self, uint8_t* buffer, int secExtLen, uint8_t*
    else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_HMAC_SHA256_256) {
        mACSize = 2 + 32;
    }
    else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_128) {
        mACSize = 2 + 16;
    }
    else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_256) {
        mACSize = 2 + 32;
    }
    else {
        /* signature algorithm not supported */
        printf("L2_SECURITY: signature algorithm not supported\n");
@ -320,7 +407,7 @@ checkSecurityExtension(L2Security self, uint8_t* buffer, int secExtLen, uint8_t*
            }
            else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_HMAC_SHA256_256)
            {
-                 printf("Algo: HMAC_SHA256_256\n");
+                printf("Algo: HMAC_SHA256_256\n");
                uint8_t calculatedMac[32];
@ -332,6 +419,54 @@ checkSecurityExtension(L2Security self, uint8_t* buffer, int secExtLen, uint8_t*
                    return false;
                }
            }
            else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_128)
            {
                printf("Algo: AES_GMAC_128\n");
                uint8_t calculatedMac[16];
                printf("IV: ");
                printBuffer(ivBuffer, ivSize);
                printf("MAC: ");
                printBuffer(mACBuffer, mACSize);
                if (RSessionCrypto_createAES_GMAC(self->currentKey, self->currentKeySize, ivBuffer, ivSize, macStart, macEnd, calculatedMac, 16) == false)
                {
                    printf("L2_SECURITY: GMAC calculation failed\n");
                    return false;
                }
                if (memcmp(calculatedMac, mACBuffer, 16) != 0)
                {
                    printf("L2_SECURITY: GMAC mismatch\n");
                    return false;
                }
            }
            else if (self->currentSigAlgo == MC_SEC_SIG_ALGO_AES_GMAC_256)
            {
                printf("Algo: AES_GMAC_256\n");
                printf("IV: ");
                printBuffer(ivBuffer, ivSize);
                printf("MAC: ");
                printBuffer(mACBuffer, mACSize);
                uint8_t calculatedMac[8];
                if (RSessionCrypto_createAES_GMAC(self->currentKey, self->currentKeySize, ivBuffer, ivSize, macStart, macEnd, calculatedMac, 32) == false)
                {
                    printf("L2_SECURITY: GMAC calculation failed\n");
                    return false;
                }
                if (memcmp(calculatedMac, mACBuffer, 8) != 0)
                {
                    printf("L2_SECURITY: GMAC mismatch\n");
                    return false;
                }
            }
            else
            {
                printf("L2_SECURITY: signature algorithm not supported\n");
--- a/src/goose/l2_security.h
+++ b/src/goose/l2_security.h
@ -1,7 +1,7 @@
 /*
 *  l2_security.h
 *
- *  Copyright 2022 Michael Zillgith
+ *  Copyright 2022-2025 Michael Zillgith
 *
 *  This file is part of libIEC61850.
 *
@ -53,8 +53,8 @@ typedef enum {
    MC_SEC_SIG_ALGO_HMAC_SHA256_80 = 1,
    MC_SEC_SIG_ALGO_HMAC_SHA256_128 = 2,
    MC_SEC_SIG_ALGO_HMAC_SHA256_256 = 3,
-    MC_SEC_SIG_ALGO_AES_GMAC_64 = 4,
+    MC_SEC_SIG_ALGO_AES_GMAC_128 = 4,
-    MC_SEC_SIG_ALGO_AES_GMAC_128 = 5,
+    MC_SEC_SIG_ALGO_AES_GMAC_256 = 5,
    MC_SEC_SIG_ALGO_HMAC_SHA3_80 = 6,
    MC_SEC_SIG_ALGO_HMAC_SHA3_128 = 7,
    MC_SEC_SIG_ALGO_HMAC_SHA3_256 = 8
--- a/src/r_session/r_session_crypto.h
+++ b/src/r_session/r_session_crypto.h
@ -32,6 +32,9 @@
 LIB61850_INTERNAL bool
 RSessionCrypto_createHMAC(uint8_t* buffer, int bufSize, uint8_t* key, int keySize, uint8_t* hmac, int hmacMaxSize);
 LIB61850_INTERNAL bool
 RSessionCrypto_createAES_GMAC(uint8_t* key, int keySize, uint8_t* iv, int ivSize, uint8_t* addData, int addDataSize, uint8_t* tag, int tagSize);
 LIB61850_INTERNAL bool
 RSessionCrypto_gcmEncryptAndTag(uint8_t* key, int keySize, uint8_t* iv, int ivSize, uint8_t* addData, int addDataSize, uint8_t* encryptData, int encryptDataSize, uint8_t* tag, int tagSize);
--- a/src/r_session/r_session_crypto_mbedtls.c
+++ b/src/r_session/r_session_crypto_mbedtls.c
@ -72,6 +72,39 @@ RSessionCrypto_createHMAC(uint8_t* buffer, int bufSize, uint8_t* key, int keySiz
    return true;
 }
 bool
 RSessionCrypto_createAES_GMAC(uint8_t* key, int keySize, uint8_t* iv, int ivSize, uint8_t* addData, int addDataSize, uint8_t* tag, int tagSize)
 {
    mbedtls_gcm_context gcmCtx;
    mbedtls_gcm_init(&gcmCtx);
    if (mbedtls_gcm_setkey(&gcmCtx, MBEDTLS_CIPHER_ID_AES , (const unsigned char*) key, keySize * 8))
    {
        printf("AES-GCM: Failed to set key\n");
        mbedtls_gcm_free(&gcmCtx);
        return false;
    }
    if (mbedtls_gcm_starts(&gcmCtx, MBEDTLS_GCM_ENCRYPT, iv, ivSize, addData, addDataSize))
    {
        printf("AES-GCM: Failed to start tag calculation\n");
        mbedtls_gcm_free(&gcmCtx);
        return false;
    }
    if (mbedtls_gcm_finish(&gcmCtx, tag, tagSize))
    {
        printf("AES-GCM: Failed to finish tag calculation\n");
        mbedtls_gcm_free(&gcmCtx);
        return false;
    }
    mbedtls_gcm_free(&gcmCtx);
    return true;
 }
 bool
 RSessionCrypto_gcmEncryptAndTag(uint8_t* key, int keySize, uint8_t* iv, int ivSize, uint8_t* addData, int addDataSize, uint8_t* encryptData, int encryptDataSize, uint8_t* tag, int tagSize)
 {