various fixes in security

057eda8c · filatov · 948a10a0 · 057eda8c · 057eda8c · 057eda8c
Commit 057eda8c authored Aug 06, 2018 by filatov
--- a/ccsrc/Protocols/Security/certificates_loader.cc
+++ b/ccsrc/Protocols/Security/certificates_loader.cc
@@ -112,7 +112,7 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
      }
    } // End of 'for' statement
  } // End of 'for' statement
-  //loggers::get_instance().log("certificates_loader::retrieve_certificates_list: # of files to cache: %d", p_files.size());
+  loggers::get_instance().log("certificates_loader::retrieve_certificates_list: # of files to cache: %d", p_files.size());
  if (p_files.size() == 0) {
    loggers::get_instance().warning("certificates_loader::retrieve_certificates_list: No certificate found");
    return -1;
@@ -130,6 +130,12 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
    std::experimental::filesystem::path p = *it;
    const std::string& key = p.stem();
    loggers::get_instance().log("certificates_loader::build_certificates_cache: Key = '%s'", key.c_str());
+
+    if(p_certificates.find(key) != p_certificates.cend()) {
+      p_files.erase(it);
+      it = p_files.cbegin();
+      continue;
+    }
    
    // Load certificate file
    it = p_files.find(p.replace_extension(_certificateExt));

--- a/ccsrc/Protocols/Security/security_cache.cc
+++ b/ccsrc/Protocols/Security/security_cache.cc
@@ -200,33 +200,43 @@ int security_cache::get_public_enc_comp_key(const std::string& p_certificate_id,
  return 0;
 }

+static bool fill_vector(std::vector<unsigned char>& v, const OCTETSTRING& o) {
+  if(o.is_bound()) {
+    v.assign(static_cast<const unsigned char*>(o), static_cast<const unsigned char*>(o) + o.lengthof());
+    return true;
+  }else{
+    v.clear();
+    return false;
+  }
+}
+
 int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
  loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id);

  std::string key(static_cast<const char*>(p_cert_id));
-  std::vector<unsigned char> cert(static_cast<const unsigned char*>(p_cert), static_cast<const unsigned char*>(p_cert) + p_cert.lengthof());
-  std::vector<unsigned char> private_key(static_cast<const unsigned char*>(p_private_key), static_cast<const unsigned char*>(p_private_key) + p_private_key.lengthof());
-  std::vector<unsigned char> public_key_x(static_cast<const unsigned char*>(p_public_key_x), static_cast<const unsigned char*>(p_public_key_x) + p_public_key_x.lengthof());
-  std::vector<unsigned char> public_key_y(static_cast<const unsigned char*>(p_public_key_y), static_cast<const unsigned char*>(p_public_key_y) + p_public_key_y.lengthof());
-  std::vector<unsigned char> public_comp_key(static_cast<const unsigned char*>(p_public_compressed_key), static_cast<const unsigned char*>(p_public_compressed_key) + p_public_compressed_key.lengthof());
-  public_comp_key.insert(public_comp_key.begin(), (unsigned char)(2 + p_public_compressed_key_mode)); // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
-  loggers::get_instance().log_to_hexa("security_cache::store_certificate: public_comp_key: ", public_comp_key.data(), public_comp_key.size());
-  
-  std::vector<unsigned char> hashed_id8(static_cast<const unsigned char*>(p_hashed_id8), static_cast<const unsigned char*>(p_hashed_id8) + p_hashed_id8.lengthof());
-  std::vector<unsigned char> issuer(static_cast<const unsigned char*>(p_issuer), static_cast<const unsigned char*>(p_issuer) + p_issuer.lengthof());
-
-  std::vector<unsigned char> private_enc_key;
-  std::vector<unsigned char> public_enc_key_x;
-  std::vector<unsigned char> public_enc_key_y;
-  std::vector<unsigned char> public_enc_comp_key;
-  if ((p_private_enc_key.is_bound() != 0) && (p_private_enc_key.lengthof() != 0)) {
-    private_enc_key.assign(static_cast<const unsigned char*>(p_private_enc_key), static_cast<const unsigned char*>(p_private_enc_key) + p_private_enc_key.lengthof());
-    public_enc_key_x.assign(static_cast<const unsigned char*>(p_public_enc_key_x), static_cast<const unsigned char*>(p_public_enc_key_x) + p_public_enc_key_x.lengthof());
-    public_enc_key_y.assign(static_cast<const unsigned char*>(p_public_enc_key_y), static_cast<const unsigned char*>(p_public_enc_key_y) + p_public_enc_key_y.lengthof());
-    public_enc_comp_key.assign(static_cast<const unsigned char*>(p_public_enc_compressed_key), static_cast<const unsigned char*>(p_public_enc_compressed_key) + p_public_enc_compressed_key.lengthof());
+  std::vector<unsigned char> cert, private_key, public_key_x, public_key_y, public_comp_key, hashed_id8, issuer;
+  std::vector<unsigned char> private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key;
+
+  fill_vector(cert, p_cert);
+  fill_vector(private_key, p_private_key);
+
+  fill_vector(public_key_x,       p_public_key_x);      
+  fill_vector(public_key_y,       p_public_key_y);
+  if(fill_vector(public_comp_key,    p_public_compressed_key)){
+    public_comp_key.insert(public_comp_key.begin(), (unsigned char)(2 + p_public_compressed_key_mode)); // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
+    loggers::get_instance().log_to_hexa("security_cache::store_certificate: public_comp_key: ", public_comp_key.data(), public_comp_key.size());
+  }
+
+  fill_vector(hashed_id8,         p_hashed_id8);
+  fill_vector(issuer,             p_issuer); 
+                                                      
+  fill_vector(private_enc_key,     p_private_enc_key);
+  fill_vector(public_enc_key_x,    p_public_enc_key_x);  
+  fill_vector(public_enc_key_y,    p_public_enc_key_y);   
+  if(fill_vector(public_enc_comp_key, p_public_enc_compressed_key)) {
    public_enc_comp_key.insert(public_enc_comp_key.begin(), (unsigned char)(2 + p_public_compressed_key_mode)); // Add one byte to indicate cmpressed-y-0 (0x02) or compressed-y-1 (0x03)
    loggers::get_instance().log_to_hexa("security_cache::store_certificate: public_enc_comp_key: ", public_enc_comp_key.data(), public_enc_comp_key.size());
-  } // else, no encryption keys
+  }
  
  IEEE1609dot2::CertificateBase decoded_certificate;
  etsi_ts103097_certificate_codec codec;

--- a/ccsrc/Protocols/Security/security_services.cc
+++ b/ccsrc/Protocols/Security/security_services.cc
@@ -760,19 +760,19 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do
 }

 int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
-  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256: ", p_hash);
+  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256:", p_hash);
  
  OCTETSTRING public_key_x;
  OCTETSTRING public_key_y;
  if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
-    loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get public keys");
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256 (%s): Failed to get public keys", p_certificate_id.c_str());
    return -1;
  }
  
  // Generate the hash to be verified: Hash ( Hash (Data input) || Hash (Signer identifier input) )
  OCTETSTRING issuer;
  if (_security_db->get_hash(p_certificate_id, issuer) != 0) {
-    loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get hash of the issuer certificate");
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256 (%s): Failed to get hash of the issuer certificate", p_certificate_id.c_str());
    return -1;
  }
  std::vector<unsigned char> hash_issuer(static_cast<const unsigned char*>(issuer), issuer.lengthof() + static_cast<const unsigned char*>(issuer)); // Hash (Signer identifier input)
@@ -796,7 +796,7 @@ int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, con
  } else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
    os = p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().x() + p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().y() + p_signature.ecdsaNistP256Signature().sSig();
  } else {
-    loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Invalid curve point");
+    loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256 (%s): Invalid curve point", p_certificate_id.c_str());
    return -1;
  }
  std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof());