Loading README.md +7 −6 Original line number Original line Diff line number Diff line Loading @@ -106,18 +106,19 @@ NOTE The user password is vagrant. ### Using Docker ### Using Docker Pre-requisites on your host machine: Pre-requisites on your host machine: - Install Virtualbox - Install Virtualbox (For Windows host only) - Install Docker - Install Docker Procedure for a Windows host machine: Procedure for a Windows host machine: - On your host machine, open a the Docker Quickstart Terminal - On your host machine, open a the Docker Quickstart Terminal and change to a working folder such as ./temp/docker_its Procedure for a Linux host machine: Procedure for a Linux host machine: - On your host machine, open a terminal and change to a working folder such as $HOME/temp - On your host machine, open a terminal and change to a working folder such as $HOME/temp/docker_its On your host machine, clone the following items from ETSI ITS protocols project: On your host machine, download the following items from ETSI ITS protocols project: - The docket folder - The docker folder - The .jenkins.sh script file (hidden file) - The .jenkins.sh script file (hidden file) and add the execution rights on it - Check the rights of the script files and the folders From the your current directory, execute the following commands: From the your current directory, execute the following commands: Loading ccsrc/Externals/LibItsSecurity_externals.cc +25 −5 Original line number Original line Diff line number Diff line Loading @@ -587,7 +587,8 @@ namespace LibItsSecurity__Functions * \return The HMAC value resized to 16-byte * \return The HMAC value resized to 16-byte */ */ OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { loggers::get_instance().log(">>> fx__hmac__sha256"); loggers::get_instance().log_msg(">>> fx__hmac__sha256: p__k=", p__k); loggers::get_instance().log_msg(">>> fx__hmac__sha256: p__m=", p__m); hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm OCTETSTRING t; OCTETSTRING t; Loading @@ -595,8 +596,8 @@ namespace LibItsSecurity__Functions loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC"); loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC"); return OCTETSTRING(0, nullptr); return OCTETSTRING(0, nullptr); } } loggers::get_instance().log_msg("fx__hmac__sha256: HMAC: ", t); loggers::get_instance().log_msg("<<< fx__hmac__sha256: HMAC: ", t); return t; return t; } } Loading Loading @@ -1183,7 +1184,7 @@ namespace LibItsSecurity__Functions return TRUE; return TRUE; } } BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) { BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hash__256, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) { loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id)); loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id)); int result; int result; Loading @@ -1191,9 +1192,9 @@ namespace LibItsSecurity__Functions const OCTETSTRING private_enc_key = p__private__enc__key.valueof(); const OCTETSTRING private_enc_key = p__private__enc__key.valueof(); const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof(); const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof(); const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof(); const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof(); result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof()); result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof()); } else { } else { result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1)); result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1)); } } return (result == 0); return (result == 0); Loading Loading @@ -1293,6 +1294,25 @@ namespace LibItsSecurity__Functions return TRUE; return TRUE; } } /** * \brief Read the whole-hash of the certificate using SHA 256 * \param p_certificate_id the certificate identifier * \param p_hash the expected certificate * \return true on success, false otherwise */ BOOLEAN fx__readCertificateHash256( const CHARSTRING& p__certificateId, OCTETSTRING& p__hash ) { loggers::get_instance().log(">>> fx__readCertificateHash256: '%s'", static_cast<const char*>(p__certificateId)); if (security_services::get_instance().read_certificate_hash_sha_256(p__certificateId, p__hash) == -1) { return FALSE; } return TRUE; } /** /** * \brief Read the private keys for the specified certificate * \brief Read the private keys for the specified certificate * \param p_certificate_id the keys identifier * \param p_certificate_id the keys identifier Loading ccsrc/Protocols/Security/certificates_loader.cc +25 −14 Original line number Original line Diff line number Diff line Loading @@ -240,41 +240,51 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi public_enc_comp_key = OCTETSTRING(0, nullptr); public_enc_comp_key = OCTETSTRING(0, nullptr); } } OCTETSTRING hash_sha_256; // Whole-certificate hash using SHA-256 sha256 sha; sha.generate(certificate, hash_sha_256); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash for encryption: ", hash_sha_256); OCTETSTRING hash; // Whole-certificate hash OCTETSTRING hash; // Whole-certificate hash OCTETSTRING hashed_id; // Whole-certificate hashedid-8 OCTETSTRING hashed_id; // Whole-certificate hashedid-8 OCTETSTRING issuer; // Certificate issuer OCTETSTRING issuer; // Certificate issuer if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { if (public_key_x.lengthof() == 32) { sha256 sha; hash = hash_sha_256; sha.generate(certificate, hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); issuer = decoded_certificate.issuer().sha256AndDigest(); } else if (public_key_x.lengthof() == 48) { } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { sha384 sha; sha384 sha; sha.generate(certificate, hash); sha.generate(certificate, hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); } else { hash = OCTETSTRING(0, nullptr); hash_sha_256 = OCTETSTRING(0, nullptr); hashed_id = int2oct(0, 8); } loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id); if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { issuer = decoded_certificate.issuer().sha256AndDigest(); } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { issuer = decoded_certificate.issuer().sha384AndDigest(); issuer = decoded_certificate.issuer().sha384AndDigest(); } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_self__)) { } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_self__)) { OCTETSTRING h; if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) { if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) { sha256 sha; sha256 sha; sha.generate(certificate, hash); sha.generate(certificate, h); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); } else { } else { sha384 sha; sha384 sha; sha.generate(certificate, hash); sha.generate(certificate, h); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); } } hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); issuer = OCTETSTRING(8, static_cast<const unsigned char*>(h) + h.lengthof() - 8); issuer = hashed_id; } else { } else { hash = OCTETSTRING(0, nullptr); hashed_id = int2oct(0, 8); issuer = int2oct(0, 8); issuer = int2oct(0, 8); } } //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer); // Create new record // Create new record security_db_record* p = new security_db_record( security_db_record* p = new security_db_record( Loading @@ -283,6 +293,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi decoded_certificate, decoded_certificate, issuer, // Hashed ID fo the issuer issuer, // Hashed ID fo the issuer hash, hash, hash_sha_256, hashed_id, // Hashed ID hashed_id, // Hashed ID private_key, // Private key private_key, // Private key public_key_x, // public keys X-coordinate public_key_x, // public keys X-coordinate Loading ccsrc/Protocols/Security/hmac.cc +3 −0 Original line number Original line Diff line number Diff line Loading @@ -12,6 +12,8 @@ #include "hmac.hh" #include "hmac.hh" #include "loggers.hh" int hmac::generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac) { int hmac::generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac) { // Sanity check // Sanity check if (p_buffer.lengthof() == 0) { if (p_buffer.lengthof() == 0) { Loading Loading @@ -40,6 +42,7 @@ int hmac::generate(const unsigned char* p_buffer, const size_t p_buffer_length, ::HMAC_Update(_ctx, p_buffer, p_buffer_length); ::HMAC_Update(_ctx, p_buffer, p_buffer_length); unsigned int length = p_hmac.lengthof(); unsigned int length = p_hmac.lengthof(); ::HMAC_Final(_ctx, (unsigned char*)static_cast<const unsigned char*>(p_hmac), &length); ::HMAC_Final(_ctx, (unsigned char*)static_cast<const unsigned char*>(p_hmac), &length); loggers::get_instance().log_to_hexa("hmac::generate: ", (unsigned char*)static_cast<const unsigned char*>(p_hmac), length); // Resize the hmac // Resize the hmac if (_hash_algorithms == hash_algorithms::sha_256) { if (_hash_algorithms == hash_algorithms::sha_256) { p_hmac = OCTETSTRING(16, static_cast<const unsigned char*>(p_hmac)); p_hmac = OCTETSTRING(16, static_cast<const unsigned char*>(p_hmac)); Loading ccsrc/Protocols/Security/security_cache.cc +18 −2 Original line number Original line Diff line number Diff line Loading @@ -200,6 +200,19 @@ int security_cache::get_hash(const std::string& p_certificate_id, OCTETSTRING& p return 0; return 0; } } int security_cache::get_hash_sha_256(const std::string& p_certificate_id, OCTETSTRING& p_hash) const { loggers::get_instance().log(">>> security_cache::get_hash_sha_256: '%s'", p_certificate_id.c_str()); std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id); if (it == _certificates.cend()) { loggers::get_instance().warning("security_cache::get_hash_sha_256: record not found"); return -1; } p_hash = it->second.get()->hash_sha_256(); return 0; } int security_cache::get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const { int security_cache::get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const { loggers::get_instance().log(">>> security_cache::get_private_key: '%s'", p_certificate_id.c_str()); loggers::get_instance().log(">>> security_cache::get_private_key: '%s'", p_certificate_id.c_str()); Loading Loading @@ -293,11 +306,11 @@ bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org return false; return false; } } int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) { int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) { loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id); loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id); std::string key(static_cast<const char*>(p_cert_id)); std::string key(static_cast<const char*>(p_cert_id)); OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hashed_id8, issuer; OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hash_sha_256, hashed_id8, issuer; OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key; OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key; security_cache::fill_vector(cert, p_cert); security_cache::fill_vector(cert, p_cert); Loading @@ -311,6 +324,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST } } security_cache::fill_vector(hash, p_hash); security_cache::fill_vector(hash, p_hash); security_cache::fill_vector(hash_sha_256, p_hash_sha_256); security_cache::fill_vector(hashed_id8, p_hashed_id8); security_cache::fill_vector(hashed_id8, p_hashed_id8); security_cache::fill_vector(issuer, p_issuer); security_cache::fill_vector(issuer, p_issuer); Loading @@ -332,6 +346,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST decoded_certificate, decoded_certificate, issuer, // Hashed ID for the issuer issuer, // Hashed ID for the issuer hash, // Whole-certificate hash hash, // Whole-certificate hash hash_sha_256, // Whole-certificate hash using SHA-256 hashed_id8, // Whole-certificate hashed ID hashed_id8, // Whole-certificate hashed ID private_key, // Private key private_key, // Private key public_key_x, // Public key X-coordinate public_key_x, // Public key X-coordinate Loading Loading @@ -379,6 +394,7 @@ void security_cache::dump() const { loggers::get_instance().log_msg("security_cache::dump: issuer = ", p->issuer()); loggers::get_instance().log_msg("security_cache::dump: issuer = ", p->issuer()); loggers::get_instance().log_msg("security_cache::dump: hashed_id = ", p->hashed_id()); loggers::get_instance().log_msg("security_cache::dump: hashed_id = ", p->hashed_id()); loggers::get_instance().log_msg("security_cache::dump: hash = ", p->hash()); loggers::get_instance().log_msg("security_cache::dump: hash = ", p->hash()); loggers::get_instance().log_msg("security_cache::dump: hash_sha_256 = ", p->hash_sha_256()); loggers::get_instance().log_msg("security_cache::dump: private_key = ", p->private_key()); loggers::get_instance().log_msg("security_cache::dump: private_key = ", p->private_key()); loggers::get_instance().log_msg("security_cache::dump: public_key_x = ", p->public_key_x()); loggers::get_instance().log_msg("security_cache::dump: public_key_x = ", p->public_key_x()); loggers::get_instance().log_msg("security_cache::dump: public_key_y = ", p->public_key_y()); loggers::get_instance().log_msg("security_cache::dump: public_key_y = ", p->public_key_y()); Loading Loading
README.md +7 −6 Original line number Original line Diff line number Diff line Loading @@ -106,18 +106,19 @@ NOTE The user password is vagrant. ### Using Docker ### Using Docker Pre-requisites on your host machine: Pre-requisites on your host machine: - Install Virtualbox - Install Virtualbox (For Windows host only) - Install Docker - Install Docker Procedure for a Windows host machine: Procedure for a Windows host machine: - On your host machine, open a the Docker Quickstart Terminal - On your host machine, open a the Docker Quickstart Terminal and change to a working folder such as ./temp/docker_its Procedure for a Linux host machine: Procedure for a Linux host machine: - On your host machine, open a terminal and change to a working folder such as $HOME/temp - On your host machine, open a terminal and change to a working folder such as $HOME/temp/docker_its On your host machine, clone the following items from ETSI ITS protocols project: On your host machine, download the following items from ETSI ITS protocols project: - The docket folder - The docker folder - The .jenkins.sh script file (hidden file) - The .jenkins.sh script file (hidden file) and add the execution rights on it - Check the rights of the script files and the folders From the your current directory, execute the following commands: From the your current directory, execute the following commands: Loading
ccsrc/Externals/LibItsSecurity_externals.cc +25 −5 Original line number Original line Diff line number Diff line Loading @@ -587,7 +587,8 @@ namespace LibItsSecurity__Functions * \return The HMAC value resized to 16-byte * \return The HMAC value resized to 16-byte */ */ OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { OCTETSTRING fx__hmac__sha256(const OCTETSTRING& p__k, const OCTETSTRING& p__m) { loggers::get_instance().log(">>> fx__hmac__sha256"); loggers::get_instance().log_msg(">>> fx__hmac__sha256: p__k=", p__k); loggers::get_instance().log_msg(">>> fx__hmac__sha256: p__m=", p__m); hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm hmac h(hash_algorithms::sha_256); // TODO Use ec_encryption_algorithm OCTETSTRING t; OCTETSTRING t; Loading @@ -595,8 +596,8 @@ namespace LibItsSecurity__Functions loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC"); loggers::get_instance().warning("fx__hmac__sha256: Failed to generate HMAC"); return OCTETSTRING(0, nullptr); return OCTETSTRING(0, nullptr); } } loggers::get_instance().log_msg("fx__hmac__sha256: HMAC: ", t); loggers::get_instance().log_msg("<<< fx__hmac__sha256: HMAC: ", t); return t; return t; } } Loading Loading @@ -1183,7 +1184,7 @@ namespace LibItsSecurity__Functions return TRUE; return TRUE; } } BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) { BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hash__256, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) { loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id)); loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id)); int result; int result; Loading @@ -1191,9 +1192,9 @@ namespace LibItsSecurity__Functions const OCTETSTRING private_enc_key = p__private__enc__key.valueof(); const OCTETSTRING private_enc_key = p__private__enc__key.valueof(); const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof(); const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof(); const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof(); const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof(); result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof()); result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof()); } else { } else { result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1)); result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1)); } } return (result == 0); return (result == 0); Loading Loading @@ -1293,6 +1294,25 @@ namespace LibItsSecurity__Functions return TRUE; return TRUE; } } /** * \brief Read the whole-hash of the certificate using SHA 256 * \param p_certificate_id the certificate identifier * \param p_hash the expected certificate * \return true on success, false otherwise */ BOOLEAN fx__readCertificateHash256( const CHARSTRING& p__certificateId, OCTETSTRING& p__hash ) { loggers::get_instance().log(">>> fx__readCertificateHash256: '%s'", static_cast<const char*>(p__certificateId)); if (security_services::get_instance().read_certificate_hash_sha_256(p__certificateId, p__hash) == -1) { return FALSE; } return TRUE; } /** /** * \brief Read the private keys for the specified certificate * \brief Read the private keys for the specified certificate * \param p_certificate_id the keys identifier * \param p_certificate_id the keys identifier Loading
ccsrc/Protocols/Security/certificates_loader.cc +25 −14 Original line number Original line Diff line number Diff line Loading @@ -240,41 +240,51 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi public_enc_comp_key = OCTETSTRING(0, nullptr); public_enc_comp_key = OCTETSTRING(0, nullptr); } } OCTETSTRING hash_sha_256; // Whole-certificate hash using SHA-256 sha256 sha; sha.generate(certificate, hash_sha_256); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash for encryption: ", hash_sha_256); OCTETSTRING hash; // Whole-certificate hash OCTETSTRING hash; // Whole-certificate hash OCTETSTRING hashed_id; // Whole-certificate hashedid-8 OCTETSTRING hashed_id; // Whole-certificate hashedid-8 OCTETSTRING issuer; // Certificate issuer OCTETSTRING issuer; // Certificate issuer if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { if (public_key_x.lengthof() == 32) { sha256 sha; hash = hash_sha_256; sha.generate(certificate, hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); issuer = decoded_certificate.issuer().sha256AndDigest(); } else if (public_key_x.lengthof() == 48) { } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { sha384 sha; sha384 sha; sha.generate(certificate, hash); sha.generate(certificate, hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); } else { hash = OCTETSTRING(0, nullptr); hash_sha_256 = OCTETSTRING(0, nullptr); hashed_id = int2oct(0, 8); } loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id); if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { issuer = decoded_certificate.issuer().sha256AndDigest(); } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { issuer = decoded_certificate.issuer().sha384AndDigest(); issuer = decoded_certificate.issuer().sha384AndDigest(); } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_self__)) { } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_self__)) { OCTETSTRING h; if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) { if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) { sha256 sha; sha256 sha; sha.generate(certificate, hash); sha.generate(certificate, h); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash); } else { } else { sha384 sha; sha384 sha; sha.generate(certificate, hash); sha.generate(certificate, h); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash); } } hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8); issuer = OCTETSTRING(8, static_cast<const unsigned char*>(h) + h.lengthof() - 8); issuer = hashed_id; } else { } else { hash = OCTETSTRING(0, nullptr); hashed_id = int2oct(0, 8); issuer = int2oct(0, 8); issuer = int2oct(0, 8); } } //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id); //loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer); // Create new record // Create new record security_db_record* p = new security_db_record( security_db_record* p = new security_db_record( Loading @@ -283,6 +293,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi decoded_certificate, decoded_certificate, issuer, // Hashed ID fo the issuer issuer, // Hashed ID fo the issuer hash, hash, hash_sha_256, hashed_id, // Hashed ID hashed_id, // Hashed ID private_key, // Private key private_key, // Private key public_key_x, // public keys X-coordinate public_key_x, // public keys X-coordinate Loading
ccsrc/Protocols/Security/hmac.cc +3 −0 Original line number Original line Diff line number Diff line Loading @@ -12,6 +12,8 @@ #include "hmac.hh" #include "hmac.hh" #include "loggers.hh" int hmac::generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac) { int hmac::generate(const OCTETSTRING p_buffer, const OCTETSTRING p_secret_key, OCTETSTRING& p_hmac) { // Sanity check // Sanity check if (p_buffer.lengthof() == 0) { if (p_buffer.lengthof() == 0) { Loading Loading @@ -40,6 +42,7 @@ int hmac::generate(const unsigned char* p_buffer, const size_t p_buffer_length, ::HMAC_Update(_ctx, p_buffer, p_buffer_length); ::HMAC_Update(_ctx, p_buffer, p_buffer_length); unsigned int length = p_hmac.lengthof(); unsigned int length = p_hmac.lengthof(); ::HMAC_Final(_ctx, (unsigned char*)static_cast<const unsigned char*>(p_hmac), &length); ::HMAC_Final(_ctx, (unsigned char*)static_cast<const unsigned char*>(p_hmac), &length); loggers::get_instance().log_to_hexa("hmac::generate: ", (unsigned char*)static_cast<const unsigned char*>(p_hmac), length); // Resize the hmac // Resize the hmac if (_hash_algorithms == hash_algorithms::sha_256) { if (_hash_algorithms == hash_algorithms::sha_256) { p_hmac = OCTETSTRING(16, static_cast<const unsigned char*>(p_hmac)); p_hmac = OCTETSTRING(16, static_cast<const unsigned char*>(p_hmac)); Loading
ccsrc/Protocols/Security/security_cache.cc +18 −2 Original line number Original line Diff line number Diff line Loading @@ -200,6 +200,19 @@ int security_cache::get_hash(const std::string& p_certificate_id, OCTETSTRING& p return 0; return 0; } } int security_cache::get_hash_sha_256(const std::string& p_certificate_id, OCTETSTRING& p_hash) const { loggers::get_instance().log(">>> security_cache::get_hash_sha_256: '%s'", p_certificate_id.c_str()); std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id); if (it == _certificates.cend()) { loggers::get_instance().warning("security_cache::get_hash_sha_256: record not found"); return -1; } p_hash = it->second.get()->hash_sha_256(); return 0; } int security_cache::get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const { int security_cache::get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const { loggers::get_instance().log(">>> security_cache::get_private_key: '%s'", p_certificate_id.c_str()); loggers::get_instance().log(">>> security_cache::get_private_key: '%s'", p_certificate_id.c_str()); Loading Loading @@ -293,11 +306,11 @@ bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org return false; return false; } } int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) { int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hash_sha_256, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) { loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id); loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id); std::string key(static_cast<const char*>(p_cert_id)); std::string key(static_cast<const char*>(p_cert_id)); OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hashed_id8, issuer; OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hash_sha_256, hashed_id8, issuer; OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key; OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key; security_cache::fill_vector(cert, p_cert); security_cache::fill_vector(cert, p_cert); Loading @@ -311,6 +324,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST } } security_cache::fill_vector(hash, p_hash); security_cache::fill_vector(hash, p_hash); security_cache::fill_vector(hash_sha_256, p_hash_sha_256); security_cache::fill_vector(hashed_id8, p_hashed_id8); security_cache::fill_vector(hashed_id8, p_hashed_id8); security_cache::fill_vector(issuer, p_issuer); security_cache::fill_vector(issuer, p_issuer); Loading @@ -332,6 +346,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST decoded_certificate, decoded_certificate, issuer, // Hashed ID for the issuer issuer, // Hashed ID for the issuer hash, // Whole-certificate hash hash, // Whole-certificate hash hash_sha_256, // Whole-certificate hash using SHA-256 hashed_id8, // Whole-certificate hashed ID hashed_id8, // Whole-certificate hashed ID private_key, // Private key private_key, // Private key public_key_x, // Public key X-coordinate public_key_x, // Public key X-coordinate Loading Loading @@ -379,6 +394,7 @@ void security_cache::dump() const { loggers::get_instance().log_msg("security_cache::dump: issuer = ", p->issuer()); loggers::get_instance().log_msg("security_cache::dump: issuer = ", p->issuer()); loggers::get_instance().log_msg("security_cache::dump: hashed_id = ", p->hashed_id()); loggers::get_instance().log_msg("security_cache::dump: hashed_id = ", p->hashed_id()); loggers::get_instance().log_msg("security_cache::dump: hash = ", p->hash()); loggers::get_instance().log_msg("security_cache::dump: hash = ", p->hash()); loggers::get_instance().log_msg("security_cache::dump: hash_sha_256 = ", p->hash_sha_256()); loggers::get_instance().log_msg("security_cache::dump: private_key = ", p->private_key()); loggers::get_instance().log_msg("security_cache::dump: private_key = ", p->private_key()); loggers::get_instance().log_msg("security_cache::dump: public_key_x = ", p->public_key_x()); loggers::get_instance().log_msg("security_cache::dump: public_key_x = ", p->public_key_x()); loggers::get_instance().log_msg("security_cache::dump: public_key_y = ", p->public_key_y()); loggers::get_instance().log_msg("security_cache::dump: public_key_y = ", p->public_key_y()); Loading
