Skip to content
LibItsSecurity_externals.cc 86.3 KiB
Newer Older
  }

  /**
   * \brief    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
   *          This function should not be used by the ATS
   * \param   p_privateKey    The new private key value
   * \param   p_publicKeyX    The new public key value (x coordinate)
   * \param   p_publicKeyX    The new public key value (y coordinate)
   * \return  true on success, false otherwise
   fx_generateKeyPair_nistp256(out octetstring<UInt64> p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
  */
  BOOLEAN fx__generateKeyPair__nistp256(
                                        OCTETSTRING& p__privateKey,
                                        OCTETSTRING& p__publicKeyX,
                                        OCTETSTRING& p__publicKeyY,
                                        OCTETSTRING& p__publicKeyCompressed,
                                        INTEGER& p__compressedMode
                                        ) {
    security_ecc k(ec_elliptic_curves::nist_p_256);
    if (k.generate() != 0) {
      p__privateKey = OCTETSTRING(0, nullptr);
      p__publicKeyX = OCTETSTRING(0, nullptr);
      p__publicKeyY = OCTETSTRING(0, nullptr);
      p__publicKeyCompressed = OCTETSTRING(0, nullptr);
      return FALSE;
    }
    // Sanity checks
    if (k.private_key().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid private key size");
      return FALSE;
    }
    if (k.public_key_x().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key X-coordonate size");
      return FALSE;
    }
    if (k.public_key_y().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public key Y-coordonate size");
      return FALSE;
    }
    if (k.public_key_compressed().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__nistp256: Invalid public compressed key size");
      return FALSE;
    }
    p__privateKey = k.private_key();
    p__publicKeyX = k.public_key_x();
    p__publicKeyY = k.public_key_y();
    p__publicKeyCompressed = k.public_key_compressed();
    p__compressedMode = INTEGER((int)k.public_key_compressed_mode());
    
    return TRUE;
  }

  /**
   * \brief    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
   *          This function should not be used by the ATS
   * \param   p_privateKey    The new private key value
   * \param   p_publicKeyX    The new public key value (x coordinate)
   * \param   p_publicKeyX    The new public key value (y coordinate)
   * \return  true on success, false otherwise
   fx_generateKeyPair_nistp256(out octetstring<UInt64> p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
  */
  BOOLEAN fx__generateKeyPair__brainpoolp256(
                                             OCTETSTRING& p__privateKey,
                                             OCTETSTRING& p__publicKeyX,
                                             OCTETSTRING& p__publicKeyY,
                                             OCTETSTRING& p__publicKeyCompressed,
                                             INTEGER& p__compressedMode
                                             ) {
    security_ecc k(ec_elliptic_curves::brainpool_p_256_r1);
    if (k.generate() != 0) {
      p__privateKey = OCTETSTRING(0, nullptr);
      p__publicKeyX = OCTETSTRING(0, nullptr);
      p__publicKeyY = OCTETSTRING(0, nullptr);
      p__publicKeyCompressed = OCTETSTRING(0, nullptr);
      return FALSE;
    }

    // Sanity checks
    if (k.private_key().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid private key size");
      return FALSE;
    }
    if (k.public_key_x().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid public key X-coordonate size");
      return FALSE;
    }
    if (k.public_key_y().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid public key Y-coordonate size");
      return FALSE;
    }
    if (k.public_key_compressed().lengthof() != 32) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp256: Invalid public compressed key size");
      return FALSE;
    }
    p__privateKey = k.private_key();
    p__publicKeyX = k.public_key_x();
    p__publicKeyY = k.public_key_y();
    p__publicKeyCompressed = k.public_key_compressed();
    p__compressedMode = INTEGER((int)k.public_key_compressed_mode());
    
    return TRUE;
  }

  /**
   * \brief    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
   *          This function should not be used by the ATS
   * \param   p_privateKey    The new private key value
   * \param   p_publicKeyX    The new public key value (x coordinate)
   * \param   p_publicKeyX    The new public key value (y coordinate)
   * \return  true on success, false otherwise
   fx_generateKeyPair_nistp256(out octetstring<UInt64> p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
  */
  BOOLEAN fx__generateKeyPair__brainpoolp384(
                                             OCTETSTRING& p__privateKey,
                                             OCTETSTRING& p__publicKeyX,
                                             OCTETSTRING& p__publicKeyY,
                                             OCTETSTRING& p__publicKeyCompressed,
                                             INTEGER& p__compressedMode
                                             ) {
    security_ecc k(ec_elliptic_curves::brainpool_p_384_r1);
    if (k.generate() != 0) {
      p__privateKey = OCTETSTRING(0, nullptr);
      p__publicKeyX = OCTETSTRING(0, nullptr);
      p__publicKeyY = OCTETSTRING(0, nullptr);
      p__publicKeyCompressed = OCTETSTRING(0, nullptr);
      return FALSE;
    }

    // Sanity checks
    if (k.private_key().lengthof() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid private key size");
      return FALSE;
    }
    if (k.public_key_x().lengthof() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid public key X-coordonate size");
      return FALSE;
    }
    if (k.public_key_y().lengthof() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid public key Y-coordonate size");
      return FALSE;
    }
    if (k.public_key_compressed().lengthof() != 48) {
      loggers::get_instance().error("fx__generateKeyPair__brainpoolp384: Invalid public compressed key size");
      return FALSE;
    }
    p__privateKey = k.private_key();
    p__publicKeyX = k.public_key_x();
    p__publicKeyY = k.public_key_y();
    p__publicKeyCompressed = k.public_key_compressed();
    p__compressedMode = INTEGER((int)k.public_key_compressed_mode());

    return TRUE;
  }

  //        group encryption

  //        group certificatesLoader

  /** 
   * \brief    Load in memory cache the certificates available in the specified directory
   * \param   p_rootDirectory Root directory to access to the certificates identified by the certificate ID
   * \param   p_configId      A configuration identifier
   * @remark  This method SHALL be call before any usage of certificates
   * \return  true on success, false otherwise
   fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
  */
  BOOLEAN fx__loadCertificates(
                               const CHARSTRING& p__rootDirectory,
                               const CHARSTRING& p__configId
                               ) {
    loggers::get_instance().log(">>> fx__loadCertificates: '%s', '%s'", static_cast<const char*>(p__rootDirectory), static_cast<const char*>(p__configId));

    std::string str(static_cast<const char*>(p__rootDirectory));
    if (p__configId.lengthof() != 0) {
      str += "/";
      str += std::string(static_cast<const char*>(p__configId));
    }
    params params;
    params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), str));
    if (security_services::get_instance().setup(params) == -1) {
      return FALSE;
    }
    
    return TRUE;
  }

YannGarcia's avatar
YannGarcia committed
  BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hash__256, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
    loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id));

    int result;
    if (!p__private__enc__key.is_omit()) {
      const OCTETSTRING private_enc_key = p__private__enc__key.valueof();
      const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof();
      const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof();
YannGarcia's avatar
YannGarcia committed
      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
YannGarcia's avatar
YannGarcia committed
      result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
    }
    
    return (result == 0);
  }
  
  /**
   * \brief    Unload from memory cache the certificates
   * \return  true on success, false otherwise
   */
  BOOLEAN fx__unloadCertificates(
) {
    return TRUE;
  }

  /**
   * \brief    Read the specified certificate
   * \param   p_certificate_id the certificate identifier
   * \param   p_certificate   the expected certificate
   * \return  true on success, false otherwise
   */
  BOOLEAN fx__readCertificate(
                              const CHARSTRING& p__certificateId,
                              OCTETSTRING& p__certificate
                              ) {
    loggers::get_instance().log(">>> fx__readCertificate: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_certificate(p__certificateId, p__certificate) == -1) {
      return FALSE;
    }
    
    return TRUE;
  }

  BOOLEAN fx__readCertificateFromDigest(
                                        const OCTETSTRING& p__digest,
Yann Garcia's avatar
Yann Garcia committed
                                        CHARSTRING& p__certificateId
                                        ) {
    loggers::get_instance().log_msg(">>> fx__readCertificateFromDigest: ", p__digest);

    if (security_services::get_instance().read_certificate_from_digest(p__digest, p__certificateId) == -1) {
      return FALSE;
    }
    loggers::get_instance().log_msg("fx__readCertificateFromDigest: ", p__certificateId);
    
    return TRUE;
  }
  
Yann Garcia's avatar
Yann Garcia committed
  BOOLEAN fx__readCertificateFromHashedId3(
                                           const OCTETSTRING& p__digest,
                                           CHARSTRING& p__certificateId
                                           ) {
    loggers::get_instance().log_msg(">>> fx__readCertificateFromHashedId3: ", p__digest);

    if (security_services::get_instance().read_certificate_from_hashed_id3(p__digest, p__certificateId) == -1) {
      return FALSE;
    }
    loggers::get_instance().log_msg("fx__readCertificateFromHashedId3: ", p__certificateId);
    
    return TRUE;
  }
  
  /**
   * \brief    Read the specified certificate digest
   * \param   p_certificate_id the certificate identifier
   * \param   p_digest   the expected certificate
   * \return  true on success, false otherwise
   */
  BOOLEAN fx__readCertificateDigest(
                                    const CHARSTRING& p__certificateId,
                                    OCTETSTRING& p__digest
                                    ) {
    loggers::get_instance().log(">>> fx__readCertificateDigest: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_certificate_digest(p__certificateId, p__digest) == -1) {
      return FALSE;
    }
    
    return TRUE;
  }

  /**
   * \brief   Read the whole-hash of the certificate
   * \param   p_certificate_id the certificate identifier
   * \param   p_hash   the expected certificate
   * \return  true on success, false otherwise
   */
  BOOLEAN fx__readCertificateHash(
Yann Garcia's avatar
Yann Garcia committed
                                  const CHARSTRING& p__certificateId,
                                  OCTETSTRING& p__hash
                                  ) {
    loggers::get_instance().log(">>> fx__readCertificateHash: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_certificate_hash(p__certificateId, p__hash) == -1) {
      return FALSE;
    }

    return TRUE;
  }

YannGarcia's avatar
YannGarcia committed
  /**
   * \brief   Read the whole-hash of the certificate using SHA 256
   * \param   p_certificate_id the certificate identifier
   * \param   p_hash   the expected certificate
   * \return  true on success, false otherwise
   */
  BOOLEAN fx__readCertificateHash256(
                                     const CHARSTRING& p__certificateId,
                                     OCTETSTRING& p__hash
                                     ) {
    loggers::get_instance().log(">>> fx__readCertificateHash256: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_certificate_hash_sha_256(p__certificateId, p__hash) == -1) {
      return FALSE;
    }

    return TRUE;
  }

  /**
   * \brief    Read the private keys for the specified certificate
   * \param   p_certificate_id     the keys identifier
   * \param   p_signingPrivateKey the signing private key
   * \return  true on success, false otherwise
   */
  BOOLEAN fx__readSigningKey(
                             const CHARSTRING& p__certificateId,
                             OCTETSTRING& p__signingPrivateKey
                             ) {
    loggers::get_instance().log(">>> fx__readSigningKey: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_private_key(p__certificateId, p__signingPrivateKey) == -1) {
      return FALSE;
    }
    
    return TRUE;
  }

  /**
   * \brief    Read the private keys for the specified certificate
   * \param   p_keysId            the keys identifier
   * \param   p_encryptPrivateKey the encrypt private key
   * \return  true on success, false otherwise
   fx_readEncryptingKey(in charstring p_keysId, out Oct32 p_encryptingPrivateKey) return boolean;
  */
  BOOLEAN fx__readEncryptingKey(
                                const CHARSTRING& p__certificateId,
                                OCTETSTRING& p__encryptingPrivateKey
                                ) {
    loggers::get_instance().log(">>> fx__readSigningKey: '%s'", static_cast<const char*>(p__certificateId));

    if (security_services::get_instance().read_private_enc_key(p__certificateId, p__encryptingPrivateKey) == -1) {
      return FALSE;
    }

    return TRUE;
  }

  //        group geodesic 

  /*          * \brief    Check that given polygon doesn't have neither self-intersections nor holes.
   * \param   p_region   Polygonal Region
   * \return  true on success, false otherwise
   * @verdict Unchanged
   fx_isValidPolygonalRegion(in PolygonalRegion p_region) return boolean;
  */
  BOOLEAN fx__isValidPolygonalRegion(
                                     const IEEE1609dot2BaseTypes::PolygonalRegion& p__region
                                     ) {
    return TRUE;
  }

  /*          * \brief Check if a polygonal region is inside another one
   * \param p_parent  The main polygonal region
   * \param p_region  The polygonal region to be included
   * \return true on success, false otherwise
   * @verdict Unchanged
   fx_isPolygonalRegionInside(in PolygonalRegion p_parent, in PolygonalRegion p_region) return boolean;
  */
  BOOLEAN fx__isPolygonalRegionInside(
                                      const IEEE1609dot2BaseTypes::PolygonalRegion& p__parent,
                                      const IEEE1609dot2BaseTypes::PolygonalRegion& p__region
                                      ) {
    return TRUE;
  }

  /*          * \brief Check that the location is inside a circular region
   * \param p_region      The circular region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
   * @verdict Unchanged
   fx_isLocationInsideCircularRegion(in CircularRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsideCircularRegion(
                                             const IEEE1609dot2BaseTypes::CircularRegion& p__region,
                                             const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                             ) {
    return TRUE;
  }

  /*          * \brief Check that the location is inside a rectangular region
   * \param p_region      The rectangular region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
   * @verdict Unchanged
   fx_isLocationInsideRectangularRegion(in SequenceOfRectangularRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsideRectangularRegion(
                                                const IEEE1609dot2BaseTypes::SequenceOfRectangularRegion& p__region,
                                                const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                                ) {
    return TRUE;
  }

  /*          * \brief Check that the location is inside a polygonal region
   * \param p_region      The polygonal region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
   * @verdict Unchanged
   fx_isLocationInsidePolygonalRegion(in PolygonalRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsidePolygonalRegion(
                                              const IEEE1609dot2BaseTypes::PolygonalRegion& p__region,
                                              const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                              ) {
    return TRUE;
  }


  /*          * \brief Check if the location is inside an identified region
   * \param p_region      The identified region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
   * @verdict Unchanged
   fx_isLocationInsideIdentifiedRegion(in IdentifiedRegion p_region, in ThreeDLocation p_location) return boolean;
  */
  BOOLEAN fx__isLocationInsideIdentifiedRegion(
                                               const IEEE1609dot2BaseTypes::IdentifiedRegion& p__region,
                                               const IEEE1609dot2BaseTypes::ThreeDLocation& p__location
                                               ) {
    return TRUE;
  }

  /*          * \brief Check if the location is inside an undefined region
   * \param p_region      The identified region to consider
   * \param p_location    The device location
   * \return true on success, false otherwise
   * @verdict Unchanged
   fx_isLocationInsideOtherRegion(in octetstring p_region, in ThreeDLocation p_location) return boolean; 
  */
  BOOLEAN fx__isLocationInsideOtherRegion(
                                          const OCTETSTRING& p_region,
                                          const IEEE1609dot2BaseTypes::ThreeDLocation& p_location
                                          ) {
    return TRUE;
  } 

  /*           * \brief    Check that p_circular_region_1 circular region is included into p_circular_region_2 circular region
   * \param   p_circular_region_1    Circular region 1
   * \param   p_circular_region_2    Circular region 2
   * \return  true on success, false otherwise
   fx_areCirclesInside(in CircularRegion p_circular_region_1, in CircularRegion p_circular_region_2) return boolean;
  */
  BOOLEAN fx__areCirclesInside(
                               const IEEE1609dot2BaseTypes::CircularRegion& p_circular_region_1,
                               const IEEE1609dot2BaseTypes::CircularRegion& p_circular_region_2
                               ) {
    return TRUE;
  }

  /*           * \brief    Check that p_rectanglar_region_1 rectangular region is included into p_rectanglar_region_2 rectangular region
   * \param   p_rectanglar_region_1    Rectangular region 1
   * \param   p_rectanglar_region_2    Rectangular region 2
   * \return  true on success, false otherwise
   fx_areRectanglesInside(in SequenceOfRectangularRegion p_rectanglar_region_1, in SequenceOfRectangularRegion p_rectanglar_region_2) return boolean;
  */
  BOOLEAN fx__areRectanglesInside(
                                  const IEEE1609dot2BaseTypes::SequenceOfRectangularRegion& p_rectanglar_region_1,
                                  const IEEE1609dot2BaseTypes::SequenceOfRectangularRegion& p_rectanglar_region_2
                                  ) {
    return TRUE;
  }

  /*           * \brief    Check that p_polygonal_region_1 polygonal region is included into p_polygonal_region_2 polygonal region
   * \param   p_polygonal_region_1    Polygonal region 1
   * \param   p_polygonal_region_2    Polygonal region 2
   * \return  true on success, false otherwise
   fx_arePolygonsInside(in PolygonalRegion p_polygonal_region_1, in PolygonalRegion p_polygonal_region_2) return boolean;
  */
  BOOLEAN fx__arePolygonsInside(
                                const IEEE1609dot2BaseTypes::PolygonalRegion& p_polygonal_region_1,
                                const IEEE1609dot2BaseTypes::PolygonalRegion& p_polygonal_region_2
                                ) {
    return TRUE;
  }

  /**
   * \brief Convert a spacial coordinate from DMS to DMS
   * \param p_degrees The degrees (D)
   * \param p_minutes The minutes (M)
   * \param p_seconds The seconds (S)
   * \param p_latlon  The latitude/longitude: (N|S|E|W)
   * \return The decimal coordinate on success, 0.0, otherwise
   * @verdict Unchanged
   fx_dms2dd(in Int p_degrees, in Int p_minutes, in float p_seconds, in Oct1 p_latlon) return float;
  */
  FLOAT fx__dms2dd(
                   const INTEGER& p__degrees,
                   const INTEGER& p__minutes,
                   const FLOAT& p__seconds,
                   const OCTETSTRING& p__latlon
                   ) {
    return 0.0;
  }

} // end of namespace