STF538: ATS validation (11b2d089) · Commits · ITS - Intelligent Transport Systems / ITS

ccsrc/Externals/LibItsSecurity_externals.cc

+2 −0

Original line number	Diff line number	Diff line
		@@ -27,10 +27,12 @@ namespace LibItsSecurity__Functions
		OCTETSTRING fx__hashWithSha256(
		const OCTETSTRING& p__toBeHashedData
		) {
		loggers::get_instance().log_msg(">>> fx__hashWithSha256: p__toBeHashedData= ", p__toBeHashedData);
		sha256 hash;
		std::vector<unsigned char> tbh(static_cast<const unsigned char >(p__toBeHashedData), p__toBeHashedData.lengthof() + static_cast<const unsigned char >(p__toBeHashedData));
		std::vector<unsigned char> hashData;
		hash.generate(tbh, hashData);
		loggers::get_instance().log_to_hexa("fx__hashWithSha256: hashData= ", hashData.data(), hashData.size());
		return OCTETSTRING(hashData.size(), hashData.data());
		} // End of function fx__hashWithSha256

ccsrc/Protocols/Security/security_services.cc

+39 −37

Original line number	Diff line number	Diff line
		@@ -223,23 +223,16 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
		loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: encoded tbs_data = ", os);
		// Calculate the hash according to the hashId
		OCTETSTRING hashed_data;
		int result = -1;
		if (p_signed_data.hashId() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) {
		result = hash_sha256(os, hashed_data);
		hash_sha256(os, hashed_data);
		} else {
		result = hash_sha384(os, hashed_data);
		hash_sha384(os, hashed_data);
		}
		loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: hashed_data = ", hashed_data);
		if (result != 0) {
		loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Failed to create hash");
		if (p_verify) {
		return -1;
		}
		}
		// Retrieve certificate identifier
		loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signer = ", p_signed_data.signer());
		std::string certificate_id;
		result = -1;
		int result = -1;
		if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) {
		// Retrieve the certificate identifier from digest
		loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Retrieve the certificate identifier from digest");
		@@ -273,9 +266,12 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
		return -1;
		}
		}
		loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: certificate_id: '%s'", certificate_id.c_str());
		certificate_ids.push_back(certificate_id);
		loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: certificate_ids size: %d", certificate_ids.size());
		} // End of 'for' statement
		certificate_id = certificate_id[0];
		certificate_id = certificate_ids[0];
		loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: After extract_and_store_certificate, certificate_id: '%s'", certificate_id.c_str());
		} else {
		loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
		return -1;
		@@ -640,19 +636,14 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d
		loggers::get_instance().log_msg("security_services::sign_tbs_data: encoded tbs_data = ", os);
		// Hash ToBeSignedData
		OCTETSTRING hashed_data;
		int result = -1;
		if (p_hashAlgorithm == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) {
		result = hash_sha256(os, hashed_data);
		hash_sha256(os, hashed_data);
		} else {
		result = hash_sha384(os, hashed_data);
		hash_sha384(os, hashed_data);
		}
		loggers::get_instance().log_msg("security_services::sign_tbs_data: encoded hashed_data = ", hashed_data);
		if (result != 0) {
		loggers::get_instance().warning("security_services::sign_tbs_data: Failed to create hash");
		return -1;
		}
		// Sign ToBeSignedData
		result = -1;
		int result = -1;
		loggers::get_instance().log("security_services::sign_tbs_data: encoded params::signature = '%s'", p_params[params::signature].c_str());
		loggers::get_instance().log("security_services::sign_tbs_data: encoded params::certificate = '%s'", p_params[params::certificate].c_str());
		if (p_params[params::signature].compare("NISTP-256") == 0) {
		@@ -929,13 +920,29 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
		int security_services::extract_and_store_certificate(const IEEE1609dot2::CertificateBase& p_certificate, std::string& p_certificate_id) {
		loggers::get_instance().log_msg(">>> security_services::extract_and_store_certificate: ", p_certificate);

		// Encode certificate
		etsi_ts103097_certificate_codec codec;
		OCTETSTRING enc_cert;
		codec.encode(p_certificate, enc_cert);
		if (enc_cert.lengthof() == 0) {
		loggers::get_instance().warning("security_services::extract_and_store_certificate: Failed to encode certificate");
		return -1;
		}
		loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Encoded certificate = ", enc_cert);
		int result = -1;
		if (p_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
		result = _security_db.get()->get_certificate_id(p_certificate.issuer().sha256AndDigest(), p_certificate_id);
		// Calculate the hash according to the hashId
		OCTETSTRING hash_cert;
		hash_sha256(enc_cert, hash_cert);
		loggers::get_instance().log_msg("security_services::extract_and_store_certificate: hash_cert= ", hash_cert);
		const OCTETSTRING hashed_id8 = substr(hash_cert, hash_cert.lengthof() - 8, 8);
		// Retrieve the certificate identifier from digest
		loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Retrieve the certificate identifier from digest: ", hashed_id8);
		result = _security_db.get()->get_certificate_id(hashed_id8, p_certificate_id);
		if (result == -1) { // Not found in current DB
		if (_security_cache.get()->get_certificate_id(p_certificate.issuer().sha256AndDigest(), p_certificate_id) == -1) { // Not found in TS cache
		if (_security_cache.get()->get_certificate_id(hashed_id8, p_certificate_id) == -1) { // Not found in TS cache
		loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
		const std::vector<unsigned char> v(static_cast<const unsigned char>(p_certificate.issuer().sha256AndDigest()), static_cast<const unsigned char>(p_certificate.issuer().sha256AndDigest()) + p_certificate.issuer().sha256AndDigest().lengthof());
		const std::vector<unsigned char> v(static_cast<const unsigned char>(hashed_id8), static_cast<const unsigned char>(hashed_id8) + hashed_id8.lengthof());
		p_certificate_id = converter::get_instance().bytes_to_hexa(v);
		// Add it into the cache
		OCTETSTRING public_key_x, public_key_y, public_comp_key;
		@@ -951,12 +958,6 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
		loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported EncryptionKey");
		return -1;
		}
		// Encode certificate
		etsi_ts103097_certificate_codec codec;
		OCTETSTRING enc_cert;
		codec.encode(p_certificate, enc_cert);
		OCTETSTRING hash_cert;
		hash_sha256(enc_cert, hash_cert);
		// And store it into the cache
		_security_cache.get()->store_certificate(
		CHARSTRING(p_certificate_id.c_str()),
		@@ -977,11 +978,18 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
		}
		}
		} else if (p_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
		result = _security_db.get()->get_certificate_id(p_certificate.issuer().sha384AndDigest(), p_certificate_id);
		// Calculate the hash according to the hashId
		OCTETSTRING hash_cert;
		hash_sha384(enc_cert, hash_cert);
		loggers::get_instance().log_msg("security_services::extract_and_store_certificate: hash_cert= ", hash_cert);
		const OCTETSTRING hashed_id8 = substr(hash_cert, hash_cert.lengthof() - 8, 8);
		// Retrieve the certificate identifier from digest
		loggers::get_instance().log("security_services::extract_and_store_certificate: Retrieve the certificate identifier from digest");
		result = _security_db.get()->get_certificate_id(hashed_id8, p_certificate_id);
		if (result == -1) {
		if (_security_cache.get()->get_certificate_id(p_certificate.issuer().sha384AndDigest(), p_certificate_id) == -1) {
		if (_security_cache.get()->get_certificate_id(hashed_id8, p_certificate_id) == -1) {
		loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
		const std::vector<unsigned char> v(static_cast<const unsigned char>(p_certificate.issuer().sha384AndDigest()), static_cast<const unsigned char>(p_certificate.issuer().sha384AndDigest()) + p_certificate.issuer().sha384AndDigest().lengthof());
		const std::vector<unsigned char> v(static_cast<const unsigned char>(hashed_id8), static_cast<const unsigned char>(hashed_id8) + hashed_id8.lengthof());
		p_certificate_id = converter::get_instance().bytes_to_hexa(v);
		// Add it into the cache
		OCTETSTRING public_key_x, public_key_y, public_comp_key;
		@@ -997,12 +1005,6 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
		loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported EncryptionKey");
		return -1;
		}
		// Encode certificate
		etsi_ts103097_certificate_codec codec;
		OCTETSTRING enc_cert;
		codec.encode(p_certificate, enc_cert);
		OCTETSTRING hash_cert;
		hash_sha384(enc_cert, hash_cert);
		// And store it into the cache
		_security_cache.get()->store_certificate(
		CHARSTRING(p_certificate_id.c_str()),