Validation with Escrypt PKI (3125ee23) · Commits · ITS - Intelligent Transport Systems / ITS

ccsrc/Externals/LibItsSecurity_externals.cc

+19 −4

Original line number	Diff line number	Diff line
		@@ -1224,7 +1224,8 @@ namespace LibItsSecurity__Functions

		BOOLEAN fx__readCertificateFromDigest(
		const OCTETSTRING& p__digest,
		CHARSTRING& p__certificateId) {
		CHARSTRING& p__certificateId
		) {
		loggers::get_instance().log_msg(">>> fx__readCertificateFromDigest: ", p__digest);

		if (security_services::get_instance().read_certificate_from_digest(p__digest, p__certificateId) == -1) {
		@@ -1235,6 +1236,20 @@ namespace LibItsSecurity__Functions
		return TRUE;
		}

		BOOLEAN fx__readCertificateFromHashedId3(
		const OCTETSTRING& p__digest,
		CHARSTRING& p__certificateId
		) {
		loggers::get_instance().log_msg(">>> fx__readCertificateFromHashedId3: ", p__digest);

		if (security_services::get_instance().read_certificate_from_hashed_id3(p__digest, p__certificateId) == -1) {
		return FALSE;
		}
		loggers::get_instance().log_msg("fx__readCertificateFromHashedId3: ", p__certificateId);

		return TRUE;
		}

		/**
		* \brief Read the specified certificate digest
		* \param p_certificate_id the certificate identifier

ccsrc/Protocols/Commsignia/commsignia_layer.cc

+9 −9

Original line number	Diff line number	Diff line
		@@ -45,16 +45,16 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
		const unsigned char* p = static_cast<const unsigned char *>(data);

		const commsignia_layer::c2p_recv* r = (const commsignia_layer::c2p_recv*)p;
		//loggers::get_instance().log("commsignia_layer::receive_data: version=%02x", r->version);
		//loggers::get_instance().log("commsignia_layer::receive_data: timestamp1=%08x", ntohl(r->timestamp_sec));
		//loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->timestamp_msec));
		//loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->timestamp_msec));
		//loggers::get_instance().log("commsignia_layer::receive_data: antenna=%02x", r->antenna);
		//loggers::get_instance().log("commsignia_layer::receive_data: rssi_ant2=%02x", r->rssi_ant2);
		//loggers::get_instance().log("commsignia_layer::receive_data: noise_ant1=%02x", r->noise_ant1);
		//loggers::get_instance().log("commsignia_layer::receive_data: noise_ant2=%02x", r->noise_ant2);
		loggers::get_instance().log("commsignia_layer::receive_data: version=%02x", r->version);
		loggers::get_instance().log("commsignia_layer::receive_data: timestamp1=%08x", ntohl(r->timestamp_sec));
		loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->timestamp_msec));
		loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->timestamp_msec));
		loggers::get_instance().log("commsignia_layer::receive_data: antenna=%02x", r->antenna);
		loggers::get_instance().log("commsignia_layer::receive_data: rssi_ant2=%02x", r->rssi_ant2);
		loggers::get_instance().log("commsignia_layer::receive_data: noise_ant1=%02x", r->noise_ant1);
		loggers::get_instance().log("commsignia_layer::receive_data: noise_ant2=%02x", r->noise_ant2);
		// Filtering on antenna index
		//loggers::get_instance().log("commsignia_layer::receive_data: compare %02x with %02x", r->antenna, static_cast<unsigned char>(std::strtoul(_params[params::interface_id].c_str(), NULL, 10)));
		loggers::get_instance().log("commsignia_layer::receive_data: compare %02x with %02x", r->antenna, static_cast<unsigned char>(std::strtoul(_params[params::interface_id].c_str(), NULL, 10)));
		if (r->antenna != static_cast<unsigned char>(std::strtoul(_params[params::interface_id].c_str(), NULL, 10))) {
		// Discard packet
		loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong antenna id");

ccsrc/Protocols/Http/http_codec.cc

+49 −29

Original line number	Diff line number	Diff line
		@@ -138,13 +138,13 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
		p_encoding_buffer.put_cs(int2str(p_request.version__minor()));
		p_encoding_buffer.put_cs("\r\n");

		// Encode headers excepeted the Content-length
		// Encode headers excepeted the Content-Length
		const LibItsHttp__TypesAndValues::HeaderLines& headers = p_request.header();
		std::string content_type;
		for (int i = 0; i < headers.size_of(); i++) {
		const LibItsHttp__TypesAndValues::HeaderLine& header = headers[i];
		loggers::get_instance().log_msg("http_codec::encode_request: Processing header ", header.header__name());
		if (std::string(static_cast<const char*>(header.header__name())).compare("Content-length") == 0) { // Skip it, processed later
		if (std::string(static_cast<const char*>(header.header__name())).compare("Content-Length") == 0) { // Skip it, processed later
		loggers::get_instance().log("http_codec::encode_request: Skip it");
		continue;
		} else {
		@@ -155,8 +155,8 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
		const LibItsHttp__TypesAndValues::charstring__list& v = dynamic_cast<const OPTIONAL<LibItsHttp__TypesAndValues::charstring__list> &>(o);
		if (v.size_of() > 0) {
		loggers::get_instance().log_msg("http_codec::encode_request: Processing value ", v[0]);
		if (std::string(static_cast<const char*>(header.header__name())).compare("Content-type") == 0) { // Store it for HTTP body payload encoding
		loggers::get_instance().log("http_codec::encode_request: Storing Content-type");
		if (std::string(static_cast<const char*>(header.header__name())).compare("Content-Type") == 0) { // Store it for HTTP body payload encoding
		loggers::get_instance().log("http_codec::encode_request: Storing Content-Yype");
		int j = 0;
		while (j < v.size_of()) {
		content_type += v[j++];
		@@ -196,10 +196,10 @@ int http_codec::encode_request(const LibItsHttp__TypesAndValues::Request& p_requ
		_ec.is_content_length_present = 0x00;
		}

		// Encode Content-length header
		p_encoding_buffer.put_cs("Content-length: ");
		// Encode Content-Length header
		p_encoding_buffer.put_cs("Content-Length: ");
		if (_ec.length != 0) {
		loggers::get_instance().log("http_codec::encode_request: Content-length: %s", static_cast<const char>(int2str(_ec.length + 2/Stand for the last CRLF*/)));
		loggers::get_instance().log("http_codec::encode_request: Content-Length: %s", static_cast<const char>(int2str(_ec.length + 2/Stand for the last CRLF*/)));
		p_encoding_buffer.put_cs(static_cast<const char>(int2str(_ec.length + 2/Stand for the last CRLF*/)));
		_ec.is_content_length_present = 0x01;
		} else {
		@@ -236,7 +236,7 @@ int http_codec::encode_response (const LibItsHttp__TypesAndValues::Response& p_r
		}
		p_encoding_buffer.put_cs("\r\n");

		// Encode headers excepeted the Content-length
		// Encode headers excepeted the Content-Length
		const LibItsHttp__TypesAndValues::HeaderLines& headers = p_response.header();
		std::string content_type;
		for (int i = 0; i < headers.size_of(); i++) {
		@@ -252,7 +252,7 @@ int http_codec::encode_response (const LibItsHttp__TypesAndValues::Response& p_r
		const LibItsHttp__TypesAndValues::charstring__list& v = dynamic_cast<const OPTIONAL<LibItsHttp__TypesAndValues::charstring__list> &>(o);
		if (v.size_of() > 0) {
		loggers::get_instance().log_msg("http_codec::encode_response: Processing value ", v[0]);
		if (std::string(static_cast<const char*>(header.header__name())).compare("Content-type") == 0) { // Store it for HTTP body payload encoding
		if (std::string(static_cast<const char*>(header.header__name())).compare("Content-Type") == 0) { // Store it for HTTP body payload encoding
		int j = 1;
		while (j < v.size_of()) {
		content_type += v[j++];
		@@ -292,7 +292,7 @@ int http_codec::encode_response (const LibItsHttp__TypesAndValues::Response& p_r
		_ec.is_content_length_present = 0x00;
		}

		// Encode Content-length header
		// Encode Content-Length header
		if (_ec.length != 0) {
		p_encoding_buffer.put_cs(int2str(_ec.length + 2/Stand for the last CRLF/));
		_ec.is_content_length_present = 0x01;
		@@ -300,7 +300,7 @@ int http_codec::encode_response (const LibItsHttp__TypesAndValues::Response& p_r
		p_encoding_buffer.put_cs("0");
		_ec.is_content_length_present = 0x00;
		}
		loggers::get_instance().log("http_codec::encode_response: Content-length: %d - %x", _ec.length, _ec.is_content_length_present);
		loggers::get_instance().log("http_codec::encode_response: Content-Length: %d - %x", _ec.length, _ec.is_content_length_present);
		p_encoding_buffer.put_cs("\r\n");

		p_encoding_buffer.put_cs("\r\n");
		@@ -370,6 +370,7 @@ int http_codec::decode_header(CHARSTRING& header_line, LibItsHttp__TypesAndValue
		} else if (m[1].str().compare("Transfer-Encoding") == 0) {
		if (m[2].str().find("chunked") != std::string::npos) {
		_dc.chunked = true;
		loggers::get_instance().log("http_codec::decode_header: decoded Transfer-Encoding %x", _dc.chunked);
		}
		}

		@@ -431,7 +432,7 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody&
		} else {
		std::map<std::string, std::unique_ptr<codec<Record_Type, Record_Type> > >::const_iterator it;
		bool processed = false;
		loggers::get_instance().log("http_codec::encode_body: Content-type:'%s'", p_content_type.c_str());
		loggers::get_instance().log("http_codec::encode_body: Content-Type:'%s'", p_content_type.c_str());
		if (p_content_type.find("held") != std::string::npos) {
		it = _codecs.find("held"); // TODO Use params
		if (it != _codecs.cend()) {
		@@ -516,25 +517,44 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod
		loggers::get_instance().log("http_codec::decode_body: counter=%d", counter);
		body = OCTETSTRING(body.lengthof() - counter, static_cast<const unsigned char*>(body));
		if (_dc.chunked){
		// Extract the size of the chunk <chunk size>\r[\n]
		counter = 0;
		while (counter < body.lengthof()) {
		int prev = 0;
		OCTETSTRING os(0, nullptr);
		do {
		while (counter < body.lengthof()) { // Extract the size of the chunk <chunk size>\r[\n]
		if ((body[counter].get_octet() == '\r') \|\| (body[counter].get_octet() == '\n')) {
		break;
		}
		counter += 1;
		} // End of 'while' statement
		loggers::get_instance().log("http_codec::decode_body: Chunked: counter=%d", counter);
		if (counter < body.lengthof()) { // Skip additional \n
		OCTETSTRING os(counter - 1, static_cast<const unsigned char*>(body));
		loggers::get_instance().log_msg("http_codec::decode_body: os: ", os);
		int len = oct2int(os);
		loggers::get_instance().log("http_codec::decode_body: Chunked(0): prev = %d, counter=%d / %d", prev, counter, body.lengthof());
		if (counter < body.lengthof()) {
		int idx = counter - prev;
		OCTETSTRING trunk(idx, static_cast<const unsigned char*>(body));
		loggers::get_instance().log_msg("http_codec::decode_body: trunk: ", trunk);
		std::string str((const char)static_cast<const unsigned char>(trunk), idx);
		loggers::get_instance().log("http_codec::decode_body: str: '%s'", str.c_str());
		int len = std::stoi(str, nullptr, 16);//converter::get_instance().string_to_int(str);
		loggers::get_instance().log("http_codec::decode_body: Chunk len: %d", len);
		if (body[counter].get_octet() == '\n') {
		while (counter < body.lengthof() && ((body[counter].get_octet() == '\r') \|\| (body[counter].get_octet() == '\n'))) { // Skip additional \n
		counter += 1;
		} // End of 'while' statement
		if (counter < body.lengthof()) {
		loggers::get_instance().log("http_codec::decode_body: Chunked (1): prev = %d, counter=%d / %d", prev, counter, body.lengthof());
		os += OCTETSTRING(len, counter + static_cast<const unsigned char*>(body));
		loggers::get_instance().log_msg("http_codec::decode_body: os=", os);
		counter += len;
		loggers::get_instance().log("http_codec::decode_body: Chunked: %02x %02x %02x", body[counter].get_octet(), body[counter + 1].get_octet(), body[counter + 2].get_octet());
		loggers::get_instance().log("http_codec::decode_body: Chunked (2): prev = %d, counter=%d / %d", prev, counter, body.lengthof());
		while (counter < body.lengthof() && ((body[counter].get_octet() == '\r') \|\| (body[counter].get_octet() == '\n'))) { // Skip additional \n
		counter += 1;
		} // End of 'while' statement
		prev = counter;
		loggers::get_instance().log("http_codec::decode_body: Chunked (3): prev = %d, counter=%d / %d", prev, counter, body.lengthof());
		}
		body = OCTETSTRING(len, counter + static_cast<const unsigned char*>(body));
		}
		} while (counter < body.lengthof()); // Process next chunk if any
		body = os;
		}
		loggers::get_instance().log_msg("http_codec::decode_body: Finalised body=", body);
		// Check if HTTP message body contains binary characters

ccsrc/Protocols/Security/certificates_loader.cc

+12 −10

Original line number	Diff line number	Diff line
		@@ -149,21 +149,23 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
		p_files.erase(it);

		// Load private key file
		OCTETSTRING private_key;
		p = p.replace_extension(_privateKeyExt);
		loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private keys '%s'", p.string().c_str());
		is.open(p, ios::in \| ios::binary);
		if (!is.is_open()) {
		loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open Private key");
		return -1;
		}
		private_key = OCTETSTRING(0, nullptr);
		} else {
		int size = std::experimental::filesystem::file_size(p);
		if ((size != 32) && (size != 48)) {
		loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private key size is incorrect for '%s'", key.c_str());
		return -1;
		}
		OCTETSTRING private_key = int2oct(0, size);
		private_key = int2oct(0, size);
		is.read((char )static_cast<const unsigned char>(private_key), private_key.lengthof());
		is.close();
		}

		// Load private encryption key file if present
		OCTETSTRING private_enc_key;
		@@ -174,7 +176,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
		loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open Private encryption key file");
		private_enc_key = OCTETSTRING(0, nullptr);
		} else {
		size = std::experimental::filesystem::file_size(p);
		int size = std::experimental::filesystem::file_size(p);
		if (size != 32) { // IEEE Std 1609.2 2017: NistP256 or BrainpoolP256r1
		loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private encryption key size is incorrect for '%s'", key.c_str());
		return -1;

ccsrc/Protocols/Security/security_cache.cc

+65 −6

Original line number	Diff line number	Diff line
		@@ -23,8 +23,8 @@ using namespace std; // Required for isnan()
		#include "loggers.hh"

		bool security_cache_comp::operator()(const OCTETSTRING& p_lhs, const OCTETSTRING& p_rhs) const {
		loggers::get_instance().log_msg(">>> security_cache_comp::operator(): p_lhs= ", p_lhs);
		loggers::get_instance().log_msg(">>> security_cache_comp::operator(): p_rhs= ", p_rhs);
		//loggers::get_instance().log_msg(">>> security_cache_comp::operator(): p_lhs= ", p_lhs);
		//loggers::get_instance().log_msg(">>> security_cache_comp::operator(): p_rhs= ", p_rhs);
		unsigned char* first1 = (unsigned char)static_cast<const unsigned char>(p_lhs);
		unsigned char* first2 = (unsigned char)static_cast<const unsigned char>(p_rhs);
		unsigned char* last1 = p_lhs.lengthof() + (unsigned char)static_cast<const unsigned char>(p_lhs);
		@@ -59,7 +59,7 @@ int security_cache::clear() {
		return 0;
		} // End of clear method

		int security_cache::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const {
		int security_cache::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certificate_id) const {
		loggers::get_instance().log_msg(">>> security_cache::get_certificate_id: ", p_hashed_id8);

		std::map<OCTETSTRING, std::string>::const_iterator it = _hashed_id8s.find(p_hashed_id8);
		@@ -67,10 +67,10 @@ int security_cache::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::str
		//std::map<std::vector<unsigned char>, std::string>::const_iterator it = _hashed_id8s.find(v);
		if (it == _hashed_id8s.cend()) {
		dump();
		p_certifcate_id = "";
		p_certificate_id = "";
		return -1;
		}
		p_certifcate_id = it->second;
		p_certificate_id = it->second;

		return 0;
		}
		@@ -102,6 +102,65 @@ int security_cache::get_certificate(const std::string& p_certificate_id, IEEE160
		return 0;
		}

		int security_cache::get_certificate(const OCTETSTRING& p_hashed_id3, IEEE1609dot2::CertificateBase& p_certificate) const {
		loggers::get_instance().log_msg(">>> security_cache::get_certificate: ", p_hashed_id3);

		std::map<OCTETSTRING, std::string, security_cache_comp>::const_iterator s;
		for (s = _hashed_id8s.cbegin(); s != _hashed_id8s.cend(); ++s) {
		if (
		(p_hashed_id3[2] == (s->first)[(s->first).lengthof() - 1]) &&
		(p_hashed_id3[1] == (s->first)[(s->first).lengthof() - 2]) &&
		(p_hashed_id3[0] == (s->first)[(s->first).lengthof() - 3])
		) {
		break;
		}
		} // End of 'for' statement
		if (s == _hashed_id8s.cend()) {
		loggers::get_instance().warning("security_cache::get_certificate: hashedId3 does not match");
		return -1;
		}
		/*TODO std::map<OCTETSTRING, std::string, security_cache_comp>::const_iterator s = std::find_if(
		_hashed_id8s.cbegin(),
		_hashed_id8s.cend(),
		hashed_id_matching
		);*/
		std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(s->second);
		if (it == _certificates.cend()) {
		loggers::get_instance().warning("security_cache::get_certificate: record not found");
		return -1;
		}
		p_certificate = it->second.get()->decoded_certificate();

		return 0;
		}

		int security_cache::get_certificate_hashed_id3(const OCTETSTRING& p_hashed_id3, std::string& p_certificate_id) const {
		loggers::get_instance().log_msg(">>> security_cache::get_certificate_hashed_id3: ", p_hashed_id3);

		std::map<OCTETSTRING, std::string, security_cache_comp>::const_iterator s;
		for (s = _hashed_id8s.cbegin(); s != _hashed_id8s.cend(); ++s) {
		if (
		(p_hashed_id3[2] == (s->first)[(s->first).lengthof() - 1]) &&
		(p_hashed_id3[1] == (s->first)[(s->first).lengthof() - 2]) &&
		(p_hashed_id3[0] == (s->first)[(s->first).lengthof() - 3])
		) {
		break;
		}
		} // End of 'for' statement
		if (s == _hashed_id8s.cend()) {
		loggers::get_instance().warning("security_cache::get_certificate_hashed_id3: hashedId3 does not match");
		return -1;
		}
		/*TODO std::map<OCTETSTRING, std::string, security_cache_comp>::const_iterator s = std::find_if(
		_hashed_id8s.cbegin(),
		_hashed_id8s.cend(),
		hashed_id_matching
		);*/
		p_certificate_id = s->second;

		return 0;
		}

		int security_cache::get_issuer(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id_issuer) const {
		loggers::get_instance().log(">>> security_cache::get_issuer: '%s'", p_certificate_id.c_str());