ITS - Intelligent Transport Systems
ITS
Commits
353cf4db
Commit
353cf4db
authored
Aug 14, 2018
by
garciay
Enahance certificate loader
parent
cab6e9e7
Changes
14
ccsrc/Externals/LibItsSecurity_externals.cc
...
...
@@ -951,7 +951,7 @@ namespace LibItsSecurity__Functions
return
TRUE
;
}
BOOLEAN
fx__store__certificate
(
const
CHARSTRING
&
p__cert__id
,
const
OCTETSTRING
&
p__cert
,
const
OCTETSTRING
&
p__private__key
,
const
OCTETSTRING
&
p__public__key__x
,
const
OCTETSTRING
&
p__public__key__y
,
const
OCTETSTRING
&
p__public__key__compressed
,
const
INTEGER
&
p__public__key__compressed__mode
,
const
OCTETSTRING
&
p__hashid8
,
const
OCTETSTRING
&
p__issuer
,
const
OCTETSTRING_template
&
p__private__enc__key
,
const
OCTETSTRING_template
&
p__public__enc__key__x
,
const
OCTETSTRING_template
&
p__public__enc__key__y
,
const
OCTETSTRING_template
&
p__public__enc__compressed__key
,
const
INTEGER_template
&
p__public__enc__key__compressed__mode
)
{
BOOLEAN
fx__store__certificate
(
const
CHARSTRING
&
p__cert__id
,
const
OCTETSTRING
&
p__cert
,
const
OCTETSTRING
&
p__private__key
,
const
OCTETSTRING
&
p__public__key__x
,
const
OCTETSTRING
&
p__public__key__y
,
const
OCTETSTRING
&
p__public__key__compressed
,
const
INTEGER
&
p__public__key__compressed__mode
,
const
OCTETSTRING
&
p__hash
,
const
OCTETSTRING
&
p__hashid8
,
const
OCTETSTRING
&
p__issuer
,
const
OCTETSTRING_template
&
p__private__enc__key
,
const
OCTETSTRING_template
&
p__public__enc__key__x
,
const
OCTETSTRING_template
&
p__public__enc__key__y
,
const
OCTETSTRING_template
&
p__public__enc__compressed__key
,
const
INTEGER_template
&
p__public__enc__key__compressed__mode
)
{
loggers
::
get_instance
().
log
(
">>> fx__store__certificate: '%s'"
,
static_cast
<
const
char
*>
(
p__cert__id
));
int
result
;
...
...
@@ -959,9 +959,9 @@ namespace LibItsSecurity__Functions
const
OCTETSTRING
private_enc_key
=
p__private__enc__key
.
valueof
();
const
OCTETSTRING
public_enc_key_x
=
p__public__enc__key__x
.
valueof
();
const
OCTETSTRING
public_enc_key_y
=
p__public__enc__key__y
.
valueof
();
result
=
security_services
::
get_instance
().
store_certificate
(
p__cert__id
,
p__cert
,
p__private__key
,
p__public__key__x
,
p__public__key__y
,
p__public__key__compressed
,
p__public__key__compressed__mode
,
p__hashid8
,
p__issuer
,
p__private__enc__key
.
valueof
(),
p__public__enc__key__x
.
valueof
(),
p__public__enc__key__y
.
valueof
(),
p__public__enc__compressed__key
.
valueof
(),
p__public__enc__key__compressed__mode
.
valueof
());
result
=
security_services
::
get_instance
().
store_certificate
(
p__cert__id
,
p__cert
,
p__private__key
,
p__public__key__x
,
p__public__key__y
,
p__public__key__compressed
,
p__public__key__compressed__mode
,
p__hash
,
p__hashid8
,
p__issuer
,
p__private__enc__key
.
valueof
(),
p__public__enc__key__x
.
valueof
(),
p__public__enc__key__y
.
valueof
(),
p__public__enc__compressed__key
.
valueof
(),
p__public__enc__key__compressed__mode
.
valueof
());
}
else
{
result
=
security_services
::
get_instance
().
store_certificate
(
p__cert__id
,
p__cert
,
p__private__key
,
p__public__key__x
,
p__public__key__y
,
p__public__key__compressed
,
p__public__key__compressed__mode
,
p__hashid8
,
p__issuer
,
OCTETSTRING
(
0
,
nullptr
),
OCTETSTRING
(
0
,
nullptr
),
OCTETSTRING
(
0
,
nullptr
),
OCTETSTRING
(
0
,
nullptr
),
INTEGER
(
-
1
));
result
=
security_services
::
get_instance
().
store_certificate
(
p__cert__id
,
p__cert
,
p__private__key
,
p__public__key__x
,
p__public__key__y
,
p__public__key__compressed
,
p__public__key__compressed__mode
,
p__hash
,
p__hashid8
,
p__issuer
,
OCTETSTRING
(
0
,
nullptr
),
OCTETSTRING
(
0
,
nullptr
),
OCTETSTRING
(
0
,
nullptr
),
OCTETSTRING
(
0
,
nullptr
),
INTEGER
(
-
1
));
}
return
(
result
==
0
);
...
...
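Review bot: In the `@@ -959,9 +959,9` hunk the locals `private_enc_key`, `public_enc_key_x` and `public_enc_key_y` are still filled from `valueof()`, but the updated call passes `p__private__enc__key.valueof()`, `p__public__enc__key__x.valueof()` and `p__public__enc__key__y.valueof()` again, so the locals are unused copies, one of them of private key material. Either drop the three declarations or pass them, e.g. `p__hash, p__hashid8, p__issuer, private_enc_key, public_enc_key_x, public_enc_key_y, p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());`. The `if` condition that guards these `valueof()` calls is outside the hunk, so it cannot be seen here which of the five optional templates it actually tests for presence.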
ccsrc/Protocols/Security/certificates_loader.cc
This diff is collapsed.
ccsrc/Protocols/Security/certificates_loader.hh
...
...
@@ -19,6 +19,7 @@
#include
<experimental/filesystem>
#include
"security_db_record.hh"
#include
"security_ecc.hh"
namespace
IEEE1609dot2BaseTypes
{
class
EccP256CurvePoint
;
//! Declare TITAN class
...
...
@@ -31,15 +32,9 @@ namespace IEEE1609dot2BaseTypes {
* \remark Singleton pattern
*/
class
certificates_loader
{
std
::
string
_certificateExt
;
//! COER encoding certificate extension. Default: .oer
std
::
string
_privateKeyExt
;
//! Private signing key extension. Default: .vkey
std
::
string
_privateEncKeyExt
;
//! Private cyphering key extension. Default: .ekey
std
::
string
_publicKeysExt
;
std
::
string
_publicCompKeysExt
;
std
::
string
_publicEncKeysExt
;
std
::
string
_hashedidDigestExt
;
std
::
string
_issuerDigestExt
;
std
::
string
_publicEncCompKeysExt
;
std
::
string
_certificateExt
;
//! COER encoding certificate extension. Default: .oer
std
::
string
_privateKeyExt
;
//! Private signing key extension. Default: .vkey
std
::
string
_privateEncKeyExt
;
//! Private cyphering key extension. Default: .ekey
std
::
experimental
::
filesystem
::
path
_full_path
;
//! The full folder path to load certificates
bool
_is_cache_initialized
;
//! Set to true when certificates are successfully loaded from file system
std
::
set
<
std
::
string
>
_directory_filter
;
//! Directory filter (for local development purposes only)
...
...
@@ -80,6 +75,6 @@ private:
int
build_certificates_cache
(
std
::
set
<
std
::
experimental
::
filesystem
::
path
>&
p_files
,
std
::
map
<
std
::
string
,
std
::
unique_ptr
<
security_db_record
>
>&
p_certificates
,
std
::
map
<
OCTETSTRING
,
std
::
string
>&
p_hashed_id8s
);
void
fill_public_key_vectors
(
const
IEEE1609dot2BaseTypes
::
EccP256CurvePoint
&
p_ecc_point
,
OCTETSTRING
&
p_public_comp_key
,
OCTETSTRING
&
p_public_key_x
,
OCTETSTRING
&
p_public_key_y
);
void
fill_public_key_vectors
(
const
IEEE1609dot2BaseTypes
::
EccP384CurvePoint
&
p_ecc_point
,
OCTETSTRING
&
p_public_comp_key
,
OCTETSTRING
&
p_public_key_x
,
OCTETSTRING
&
p_public_key_y
);
void
fill_public_key_vectors
(
const
ec_elliptic_curves
p_elliptic_curve
,
const
IEEE1609dot2BaseTypes
::
EccP256CurvePoint
&
p_ecc_point
,
OCTETSTRING
&
p_public_comp_key
,
OCTETSTRING
&
p_public_key_x
,
OCTETSTRING
&
p_public_key_y
);
void
fill_public_key_vectors
(
const
ec_elliptic_curves
p_elliptic_curve
,
const
IEEE1609dot2BaseTypes
::
EccP384CurvePoint
&
p_ecc_point
,
OCTETSTRING
&
p_public_comp_key
,
OCTETSTRING
&
p_public_key_x
,
OCTETSTRING
&
p_public_key_y
);
};
// End of class certificates_loader
ccsrc/Protocols/Security/security_cache.cc
...
...
@@ -211,11 +211,11 @@ bool security_cache::fill_vector(OCTETSTRING& p_vector, const OCTETSTRING& p_org
return
false
;
}
int
security_cache
::
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hashed_id8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
)
{
int
security_cache
::
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashed_id8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
)
{
loggers
::
get_instance
().
log_msg
(
">>> security_cache::store_certificate: "
,
p_cert_id
);
std
::
string
key
(
static_cast
<
const
char
*>
(
p_cert_id
));
OCTETSTRING
cert
,
private_key
,
public_key_x
,
public_key_y
,
public_comp_key
,
hashed_id8
,
issuer
;
OCTETSTRING
cert
,
private_key
,
public_key_x
,
public_key_y
,
public_comp_key
,
hash
,
hashed_id8
,
issuer
;
OCTETSTRING
private_enc_key
,
public_enc_key_x
,
public_enc_key_y
,
public_enc_comp_key
;
security_cache
::
fill_vector
(
cert
,
p_cert
);
...
...
@@ -228,6 +228,7 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST
loggers
::
get_instance
().
log_msg
(
"security_cache::store_certificate: public_comp_key: "
,
public_comp_key
);
}
security_cache
::
fill_vector
(
hash
,
p_hash
);
security_cache
::
fill_vector
(
hashed_id8
,
p_hashed_id8
);
security_cache
::
fill_vector
(
issuer
,
p_issuer
);
...
...
@@ -248,7 +249,8 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST
cert
,
// Certificate
decoded_certificate
,
issuer
,
// Hashed ID for the issuer
hashed_id8
,
// Hashed ID
hash
,
// Whole-certificate hash
hashed_id8
,
// Whole-certificate hashed ID
private_key
,
// Private key
public_key_x
,
// Public key X-coordinate
public_key_y
,
// Public key Y-coordinate
...
...
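Review bot: `security_cache::fill_vector(hash, p_hash);` in the `@@ -228,6 +228,7` hunk copies a caller-supplied digest that is then handed to the record as the whole-certificate hash, and nothing visible checks it against `p_cert`. The security_db_record.cc section of this commit removes the constructor code that derived `_hash` from `_certificate`, so a stale or mismatched value coming from a caller or a key file would be stored as is, and `hashed_id8` is not compared with it either. At minimum reject unexpected lengths before the copy, e.g. `if (p_hash.lengthof() != 32 && p_hash.lengthof() != 48) { return -1; }` (allowing an empty value only if some caller legitimately has none), and preferably recompute the digest from `p_cert` and compare. The body of `store_certificate` continues outside the hunks shown.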
ccsrc/Protocols/Security/security_cache.hh
...
...
@@ -56,7 +56,7 @@ public: /*! \publicsection */
int
get_public_enc_keys
(
const
std
::
string
&
p_certificate_id
,
OCTETSTRING
&
p_public_enc_key_x
,
OCTETSTRING
&
p_public_enc_key_y
)
const
;
int
get_public_enc_comp_key
(
const
std
::
string
&
p_certificate_id
,
OCTETSTRING
&
p_public_enc_comp_key
,
INTEGER
&
p_enc_comp_mode
)
const
;
virtual
int
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
);
virtual
int
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
);
virtual
int
clear
();
...
...
ccsrc/Protocols/Security/security_db.cc
...
...
@@ -40,10 +40,10 @@ int security_db::load_from_files(const std::string& p_db_path) {
return
0
;
}
int
security_db
::
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hashed_id8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressd_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
)
{
int
security_db
::
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashed_id8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressd_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
)
{
loggers
::
get_instance
().
log_msg
(
">>> security_db::store_certificate: "
,
p_cert_id
);
if
(
security_cache
::
store_certificate
(
p_cert_id
,
p_cert
,
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_compressed_key
,
p_public_compressed_key_mode
,
p_hashed_id8
,
p_issuer
,
p_private_enc_key
,
p_public_enc_key_x
,
p_public_enc_key_y
,
p_public_enc_compressd_key
,
p_public_enc_compressed_key_mode
)
!=
0
)
{
if
(
security_cache
::
store_certificate
(
p_cert_id
,
p_cert
,
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_compressed_key
,
p_public_compressed_key_mode
,
p_hash
,
p_hashed_id8
,
p_issuer
,
p_private_enc_key
,
p_public_enc_key_x
,
p_public_enc_key_y
,
p_public_enc_compressd_key
,
p_public_enc_compressed_key_mode
)
!=
0
)
{
return
-
1
;
}
...
...
ccsrc/Protocols/Security/security_db.hh
...
...
@@ -38,7 +38,7 @@ public: /*! \publicsection */
* \param[in] p_cert_id The certificate identifier
* \return 0 on success, -1 otherwise
*/
int
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
);
int
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_compressed_key
,
const
INTEGER
&
p_public_compressed_key_mode
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_compressed_key_mode
);
private:
/*! \privatesection */
/*!
...
...
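Review bot: The Doxygen block above `store_certificate` in this hunk documents only `p_cert_id`, and the new `p_hash` parameter is added without a `\param` line. The signature is a long run of same-typed `OCTETSTRING` references, so the position of each argument is the only thing that distinguishes them; I would add `\param[in] p_hash The whole-certificate hash` together with entries for the neighbouring parameters. The declaration also names the following parameter `p_hashid8` while security_db.cc uses `p_hashed_id8`; using one spelling in both files would make the pair easier to read. The start of the comment block is outside the hunk.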
ccsrc/Protocols/Security/security_db_record.cc
...
...
@@ -19,6 +19,7 @@ security_db_record::security_db_record(
const
OCTETSTRING
&
p_certificate
,
const
IEEE1609dot2
::
CertificateBase
&
p_decoded_certificate
,
const
OCTETSTRING
&
p_hashed_id_issuer
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashed_id
,
const
OCTETSTRING
&
p_pr_key
,
const
OCTETSTRING
&
p_pu_key_x
,
...
...
@@ -29,14 +30,7 @@ security_db_record::security_db_record(
const
OCTETSTRING
&
p_pu_enc_key_y
,
const
OCTETSTRING
&
p_pu_enc_comp_key
,
const
bool
p_to_be_saved
)
:
_algorithm
{
ec_elliptic_curves
::
nist_p_256
},
_certificate_id
(
p_certificate_id
),
_certificate
(
p_certificate
),
_hashed_id_issuer
(
p_hashed_id_issuer
),
_hash
(),
_hashed_id
(
p_hashed_id
),
_pr_key
(
p_pr_key
),
_pu_key_x
(
p_pu_key_x
),
_pu_key_y
(
p_pu_key_y
),
_pu_comp_key
(
p_pu_comp_key
),
_pr_enc_key
(
p_pr_enc_key
),
_pu_enc_key_x
(
p_pu_enc_key_x
),
_pu_enc_key_y
(
p_pu_enc_key_y
),
_pu_enc_comp_key
(
p_pu_enc_comp_key
),
_to_be_saved
(
p_to_be_saved
),
_decoded_certificate
(
static_cast
<
IEEE1609dot2
::
CertificateBase
*>
(
p_decoded_certificate
.
clone
()))
{
if
(
p_pr_key
.
lengthof
()
==
32
)
{
sha256
sha
;
sha
.
generate
(
_certificate
,
_hash
);
}
else
{
sha384
sha
;
sha
.
generate
(
_certificate
,
_hash
);
}
)
:
_algorithm
{
ec_elliptic_curves
::
nist_p_256
},
_certificate_id
(
p_certificate_id
),
_certificate
(
p_certificate
),
_hashed_id_issuer
(
p_hashed_id_issuer
),
_hash
(
p_hash
),
_hashed_id
(
p_hashed_id
),
_pr_key
(
p_pr_key
),
_pu_key_x
(
p_pu_key_x
),
_pu_key_y
(
p_pu_key_y
),
_pu_comp_key
(
p_pu_comp_key
),
_pr_enc_key
(
p_pr_enc_key
),
_pu_enc_key_x
(
p_pu_enc_key_x
),
_pu_enc_key_y
(
p_pu_enc_key_y
),
_pu_enc_comp_key
(
p_pu_enc_comp_key
),
_to_be_saved
(
p_to_be_saved
),
_decoded_certificate
(
static_cast
<
IEEE1609dot2
::
CertificateBase
*>
(
p_decoded_certificate
.
clone
()))
{
}
const
IEEE1609dot2
::
CertificateBase
&
security_db_record
::
decoded_certificate
()
const
{
...
...
ccsrc/Protocols/Security/security_db_record.hh
...
...
@@ -30,7 +30,7 @@ class security_db_record {
std
::
string
_certificate_id
;
/*!< Certificate storage*/
OCTETSTRING
_certificate
;
/*!< COER storage */
OCTETSTRING
_hashed_id_issuer
;
/*!< Hash id 8 of the issuer certificate */
OCTETSTRING
_hash
;
/*!< Certificate hash storage */
OCTETSTRING
_hash
;
/*!< Certificate hash storage */
// TODO Check if it's usefull, otherwise remove it
OCTETSTRING
_hashed_id
;
/*!< Certificate hash id 8 storage */
OCTETSTRING
_pr_key
;
/*!< Private key storage */
OCTETSTRING
_pu_key_x
;
/*!< Public key X-coordinate storage */
...
...
@@ -54,6 +54,7 @@ public: /*! \publicsection */
* \param[in] p_certificate The COER encoded certificate
* \param[in] p_decoded_certificate The decoded certificate
* \param[in] p_hashed_id_issuer The HashedId of the certificate issuer
* \param[in] p_hash The whole-certificate hash
* \param[in] p_hashed_id The whole-certificate hashed id
* \param[in] p_pr_key The private signature key
* \param[in] p_pu_key_x The public X-coordinate signature key
...
...
@@ -65,7 +66,7 @@ public: /*! \publicsection */
* \param[in] p_pu_enc_comp_key_y The public compressed coordinate encryption key
* \param[in] p_to_be_saved Set to true to save on disk this certificate.Default: true
*/
security_db_record
(
const
std
::
string
&
p_certificate_id
,
const
OCTETSTRING
&
p_certificate
,
const
IEEE1609dot2
::
CertificateBase
&
p_decoded_certificate
,
const
OCTETSTRING
&
p_hashed_id_issuer
,
const
OCTETSTRING
&
p_hashed_id
,
const
OCTETSTRING
&
p_pr_key
,
const
OCTETSTRING
&
p_pu_key_x
,
const
OCTETSTRING
&
p_pu_key_y
,
const
OCTETSTRING
&
p_pu_comp_key
,
const
OCTETSTRING
&
p_pr_enc_key
,
const
OCTETSTRING
&
p_pu_enc_key_x
,
const
OCTETSTRING
&
p_pu_enc_key_y
,
const
OCTETSTRING
&
p_pu_enc_comp_key_y
,
const
bool
p_to_be_saved
=
true
);
security_db_record
(
const
std
::
string
&
p_certificate_id
,
const
OCTETSTRING
&
p_certificate
,
const
IEEE1609dot2
::
CertificateBase
&
p_decoded_certificate
,
const
OCTETSTRING
&
p_hashed_id_issuer
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashed_id
,
const
OCTETSTRING
&
p_pr_key
,
const
OCTETSTRING
&
p_pu_key_x
,
const
OCTETSTRING
&
p_pu_key_y
,
const
OCTETSTRING
&
p_pu_comp_key
,
const
OCTETSTRING
&
p_pr_enc_key
,
const
OCTETSTRING
&
p_pu_enc_key_x
,
const
OCTETSTRING
&
p_pu_enc_key_y
,
const
OCTETSTRING
&
p_pu_enc_comp_key_y
,
const
bool
p_to_be_saved
=
true
);
/*!
* \brief Default dtor
...
...
ccsrc/Protocols/Security/security_services.cc
...
...
@@ -68,7 +68,7 @@ int security_services::setup(params& p_params) { // FIXME Rename this method
return
0
;
}
int
security_services
::
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_comp_key
,
const
INTEGER
&
p_public_comp_key_mode
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_key_compressed_mode
)
{
int
security_services
::
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_comp_key
,
const
INTEGER
&
p_public_comp_key_mode
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_key_compressed_mode
)
{
loggers
::
get_instance
().
log_msg
(
">>> security_services::store_certificate: "
,
p_cert_id
);
// Sanity checks
...
...
@@ -76,7 +76,7 @@ int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTE
loggers
::
get_instance
().
warning
(
"security_services::store_certificate: Not initialised"
);
return
-
1
;
}
return
_security_db
.
get
()
->
store_certificate
(
p_cert_id
,
p_cert
,
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_comp_key
,
p_public_comp_key_mode
,
p_hashid8
,
p_issuer
,
p_private_enc_key
,
p_public_enc_key_x
,
p_public_enc_key_y
,
p_public_enc_compressed_key
,
p_public_enc_key_compressed_mode
);
return
_security_db
.
get
()
->
store_certificate
(
p_cert_id
,
p_cert
,
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_comp_key
,
p_public_comp_key_mode
,
p_hash
,
p_hashid8
,
p_issuer
,
p_private_enc_key
,
p_public_enc_key_x
,
p_public_enc_key_y
,
p_public_enc_compressed_key
,
p_public_enc_key_compressed_mode
);
}
int
security_services
::
verify_and_extract_gn_payload
(
const
OCTETSTRING
&
p_secured_gn_payload
,
const
bool
p_verify
,
IEEE1609dot2
::
Ieee1609Dot2Data
&
p_ieee_1609dot2_data
,
OCTETSTRING
&
p_unsecured_gn_payload
,
params
&
p_params
)
{
...
...
@@ -891,6 +891,9 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
}
}
else
{
loggers
::
get_instance
().
warning
(
"security_services::extract_encryption_keys: EncryptionKey omitted"
);
p_public_enc_key_x
=
OCTETSTRING
(
0
,
nullptr
);
p_public_enc_key_y
=
OCTETSTRING
(
0
,
nullptr
);
p_public_enc_comp_key
=
OCTETSTRING
(
0
,
nullptr
);
return
0
;
// Normal termination
}
...
...
@@ -949,8 +952,9 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
public_comp_key
,
public_comp_key_mode
,
hash_cert
,
hashed_id8
,
p_certificate
.
issuer
().
sha256AndDigest
(),
int2oct
(
0
,
32
),
// Encryption private not used
OCTETSTRING
(
0
,
nullptr
),
// Encryption private not used
public_enc_key_x
,
public_enc_key_y
,
public_enc_comp_key
,
...
...
@@ -997,8 +1001,9 @@ int security_services::extract_encryption_keys(const IEEE1609dot2::CertificateBa
public_comp_key
,
public_comp_key_mode
,
hash_cert
,
hashed_id8
,
p_certificate
.
issuer
().
sha384AndDigest
(),
int2oct
(
0
,
48
),
// Encryption private not used
OCTETSTRING
(
0
,
nullptr
),
// Encryption private not used
public_enc_key_x
,
public_enc_key_y
,
public_enc_comp_key
,
...
...
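Review bot: The `else` branch added in the `@@ -891,6 +891,9` hunk reports `EncryptionKey omitted` through `warning(...)` although the branch returns 0 and is commented as normal termination, so every certificate without an encryption key will raise a warning in the log. If the case is expected, log it at the ordinary level, e.g. `loggers::get_instance().log("security_services::extract_encryption_keys: EncryptionKey omitted");`. Callers now receive success with three empty outputs and have to test the lengths themselves; if the function also has a compressed-mode output (its signature is cut off in the hunk header), it is not reset on this path.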
ccsrc/Protocols/Security/security_services.hh
...
...
@@ -101,7 +101,7 @@ public: /*! \publicsection */
int
setup
(
params
&
p_params
);
int
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_comp_key
,
const
INTEGER
&
p_public_comp_key_mode
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_key_compressed_mode
);
int
store_certificate
(
const
CHARSTRING
&
p_cert_id
,
const
OCTETSTRING
&
p_cert
,
const
OCTETSTRING
&
p_private_key
,
const
OCTETSTRING
&
p_public_key_x
,
const
OCTETSTRING
&
p_public_key_y
,
const
OCTETSTRING
&
p_public_comp_key
,
const
INTEGER
&
p_public_comp_key_mode
,
const
OCTETSTRING
&
p_hash
,
const
OCTETSTRING
&
p_hashid8
,
const
OCTETSTRING
&
p_issuer
,
const
OCTETSTRING
&
p_private_enc_key
,
const
OCTETSTRING
&
p_public_enc_key_x
,
const
OCTETSTRING
&
p_public_enc_key_y
,
const
OCTETSTRING
&
p_public_enc_compressed_key
,
const
INTEGER
&
p_public_enc_key_compressed_mode
);
inline
void
set_position
(
const
int
p_latitude
,
const
int
p_longitude
,
const
int
p_elevation
=
0
)
{
_latitude
=
p_latitude
;
_longitude
=
p_longitude
;
_elevation
=
p_elevation
;
};
...
...
etc/TestCodec/TestCodec.cfg
...
...
@@ -21,7 +21,7 @@ LibCommon_Time.PX_TAC := 35.0
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "cert_asn1c" #"test_01";
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME :=
"Yann" #
"cert_asn1c" #"test_01";
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
...
...
@@ -286,11 +286,6 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_2
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
#TestCodec_SecuredFuntions.tc_load_certificates
#TestCodec_SecuredFuntions.tc_read_certificate_1
#TestCodec_SecuredFuntions.tc_read_certificate_2
#TestCodec_SecuredFuntions.tc_read_certificate_digest
#TestCodec_SecuredFuntions.tc_read_certificate_hash
# Certificates
#TestCodec_Certificates.tc_root_certificate_sha256_1
#TestCodec_Certificates.tc_root_certificate_sha256_2
...
...
@@ -310,8 +305,13 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
#TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_1
#TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_2
# Chain of certificates
#
TestCodec_ChainOfCertificates.tc_full_check_certificate_1
TestCodec_ChainOfCertificates.tc_full_check_certificate_1
#TestCodec_ChainOfCertificates.tc_full_check_certificate_2
TestCodec_SecuredFuntions.tc_load_certificates
TestCodec_SecuredFuntions.tc_read_certificate_1
TestCodec_SecuredFuntions.tc_read_certificate_2
TestCodec_SecuredFuntions.tc_read_certificate_digest
TestCodec_SecuredFuntions.tc_read_certificate_hash
# Encryption
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
...
...
@@ -319,9 +319,9 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1)"
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
#
TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
#
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
#
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
# Pki
#TestCodec_Pki.tc_inner_ec_request_1
...
...
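Review bot: The `@@ -319,9 +319,9` hunk comments out `tc_encrypted_signed_message_1`, `tc_decrypted_signed_message_2` and `tc_decrypted_signed_message_3`, so this configuration no longer runs the signed-and-encrypted test cases in the same commit that changes how encryption keys and the certificate hash are passed to `store_certificate`. I would keep them enabled next to the newly enabled `tc_load_certificates` and `tc_read_certificate_*` entries. In the first hunk `PX_IUT_SEC_CONFIG_NAME := "Yann"` looks like a developer-local directory name; keeping `"cert_asn1c"` as the committed value and overriding it locally would avoid other checkouts loading certificates from a directory they do not have.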
ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
...
...
@@ -150,9 +150,9 @@ module TestCodec_ChainOfCertificates {
// Store Private key in binary format
fx_loadCertificates
(
"/home/vagrant/tmp/Yann"
,
""
);
fx_store_certificate
(
"CERT_
TES
T_A_R
OOT
"
,
v_chain_sec_info
.
ca
.
enc_cert
,
v_chain_sec_info
.
ca
.
private_key
,
v_chain_sec_info
.
ca
.
public_key_x
,
v_chain_sec_info
.
ca
.
public_key_y
,
v_chain_sec_info
.
ca
.
public_key_compressed
,
v_chain_sec_info
.
ca
.
compressed_mode
,
v_chain_sec_info
.
ca
.
hashedid8
,
v_chain_sec_info
.
ca
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_T
S
_A_AA"
,
v_chain_sec_info
.
aa
.
enc_cert
,
v_chain_sec_info
.
aa
.
private_key
,
v_chain_sec_info
.
aa
.
public_key_x
,
v_chain_sec_info
.
aa
.
public_key_y
,
v_chain_sec_info
.
aa
.
public_key_compressed
,
v_chain_sec_info
.
aa
.
compressed_mode
,
v_chain_sec_info
.
aa
.
hashedid8
,
v_chain_sec_info
.
aa
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_T
S
_A_AT"
,
v_chain_sec_info
.
at
.
enc_cert
,
v_chain_sec_info
.
at
.
private_key
,
v_chain_sec_info
.
at
.
public_key_x
,
v_chain_sec_info
.
at
.
public_key_y
,
v_chain_sec_info
.
at
.
public_key_compressed
,
v_chain_sec_info
.
at
.
compressed_mode
,
v_chain_sec_info
.
at
.
hashedid8
,
v_chain_sec_info
.
at
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_
IU
T_A_R
CA
"
,
v_chain_sec_info
.
ca
.
enc_cert
,
v_chain_sec_info
.
ca
.
private_key
,
v_chain_sec_info
.
ca
.
public_key_x
,
v_chain_sec_info
.
ca
.
public_key_y
,
v_chain_sec_info
.
ca
.
public_key_compressed
,
v_chain_sec_info
.
ca
.
compressed_mode
,
v_chain_sec_info
.
ca
.
hash
,
v_chain_sec_info
.
ca
.
hashedid8
,
v_chain_sec_info
.
ca
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_
IU
T_A_AA"
,
v_chain_sec_info
.
aa
.
enc_cert
,
v_chain_sec_info
.
aa
.
private_key
,
v_chain_sec_info
.
aa
.
public_key_x
,
v_chain_sec_info
.
aa
.
public_key_y
,
v_chain_sec_info
.
aa
.
public_key_compressed
,
v_chain_sec_info
.
aa
.
compressed_mode
,
v_chain_sec_info
.
aa
.
hash
,
v_chain_sec_info
.
aa
.
hashedid8
,
v_chain_sec_info
.
aa
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_
IU
T_A_AT"
,
v_chain_sec_info
.
at
.
enc_cert
,
v_chain_sec_info
.
at
.
private_key
,
v_chain_sec_info
.
at
.
public_key_x
,
v_chain_sec_info
.
at
.
public_key_y
,
v_chain_sec_info
.
at
.
public_key_compressed
,
v_chain_sec_info
.
at
.
compressed_mode
,
v_chain_sec_info
.
at
.
hash
,
v_chain_sec_info
.
at
.
hashedid8
,
v_chain_sec_info
.
at
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
// Create a basic GeoNetworking message
v_gnNonSecuredPacket
:=
m_geoNwShbPacket
(
...
...
@@ -300,9 +300,9 @@ module TestCodec_ChainOfCertificates {
// Store Private key in binary format
fx_loadCertificates
(
"/home/vagrant/tmp/Yann"
,
""
);
fx_store_certificate
(
"CERT_TEST_B_ROOT"
,
v_chain_sec_info
.
ca
.
enc_cert
,
v_chain_sec_info
.
ca
.
private_key
,
v_chain_sec_info
.
ca
.
public_key_x
,
v_chain_sec_info
.
ca
.
public_key_y
,
v_chain_sec_info
.
ca
.
public_key_compressed
,
v_chain_sec_info
.
ca
.
compressed_mode
,
v_chain_sec_info
.
ca
.
hashedid8
,
v_chain_sec_info
.
ca
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_TS_B_AA"
,
v_chain_sec_info
.
aa
.
enc_cert
,
v_chain_sec_info
.
aa
.
private_key
,
v_chain_sec_info
.
aa
.
public_key_x
,
v_chain_sec_info
.
aa
.
public_key_y
,
v_chain_sec_info
.
aa
.
public_key_compressed
,
v_chain_sec_info
.
aa
.
compressed_mode
,
v_chain_sec_info
.
aa
.
hashedid8
,
v_chain_sec_info
.
aa
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_TS_B_AT"
,
v_chain_sec_info
.
at
.
enc_cert
,
v_chain_sec_info
.
at
.
private_key
,
v_chain_sec_info
.
at
.
public_key_x
,
v_chain_sec_info
.
at
.
public_key_y
,
v_chain_sec_info
.
at
.
public_key_compressed
,
v_chain_sec_info
.
at
.
compressed_mode
,
v_chain_sec_info
.
at
.
hashedid8
,
v_chain_sec_info
.
at
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_TEST_B_ROOT"
,
v_chain_sec_info
.
ca
.
enc_cert
,
v_chain_sec_info
.
ca
.
private_key
,
v_chain_sec_info
.
ca
.
public_key_x
,
v_chain_sec_info
.
ca
.
public_key_y
,
v_chain_sec_info
.
ca
.
public_key_compressed
,
v_chain_sec_info
.
ca
.
compressed_mode
,
v_chain_sec_info
.
ca
.
hash
,
v_chain_sec_info
.
ca
.
hashedid8
,
v_chain_sec_info
.
ca
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_TS_B_AA"
,
v_chain_sec_info
.
aa
.
enc_cert
,
v_chain_sec_info
.
aa
.
private_key
,
v_chain_sec_info
.
aa
.
public_key_x
,
v_chain_sec_info
.
aa
.
public_key_y
,
v_chain_sec_info
.
aa
.
public_key_compressed
,
v_chain_sec_info
.
aa
.
compressed_mode
,
v_chain_sec_info
.
aa
.
hash
,
v_chain_sec_info
.
aa
.
hashedid8
,
v_chain_sec_info
.
aa
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
fx_store_certificate
(
"CERT_TS_B_AT"
,
v_chain_sec_info
.
at
.
enc_cert
,
v_chain_sec_info
.
at
.
private_key
,
v_chain_sec_info
.
at
.
public_key_x
,
v_chain_sec_info
.
at
.
public_key_y
,
v_chain_sec_info
.
at
.
public_key_compressed
,
v_chain_sec_info
.
at
.
compressed_mode
,
v_chain_sec_info
.
at
.
hash
,
v_chain_sec_info
.
at
.
hashedid8
,
v_chain_sec_info
.
at
.
issuer
,
omit
,
omit
,
omit
,
omit
,
omit
);
// Create a basic GeoNetworking message
v_gnNonSecuredPacket
:=
m_geoNwShbPacket
(
...
...
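Review bot: The rewritten `fx_store_certificate(...)` calls in both hunks are used as plain statements, so the boolean they return is discarded; the C++ side of this commit returns `(result == 0)`, which is false when the store fails. A failed store would leave the test running against whatever `fx_loadCertificates` put in the cache, which matters more now that the first hunk stores under the `CERT_IUT_A_*` identifiers. I would check each call, e.g. `if (fx_store_certificate("CERT_IUT_A_RCA", ...) == false) { setverdict(inconc); stop; }`. The second hunk still uses the `CERT_TEST_B_ROOT` and `CERT_TS_B_*` identifiers while the first was renamed; if that is intentional a short comment would help. The enclosing test cases start and end outside the hunks.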
ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
...
...
@@ -66,7 +66,7 @@ module TestCodec_SecuredFuntions {
setverdict
(
pass
);
}
if
(
fx_readCertificate
(
"CERT_IUT_A_
RC
A"
,
v_certificate
)
==
false
)
{
if
(
fx_readCertificate
(
"CERT_IUT_A_
A
A"
,
v_certificate
)
==
false
)
{
setverdict
(
fail
);
}
else
{
var
bitstring
v_oct2bit
;
...
...
@@ -88,7 +88,7 @@ module TestCodec_SecuredFuntions {
setverdict
(
fail
);
}
else
{
var
octetstring
v_digest
;
if
(
fx_readCertificateDigest
(
"CERT_IUT_A_
RC
A"
,
v_digest
)
==
false
)
{
if
(
fx_readCertificateDigest
(
"CERT_IUT_A_
A
A"
,
v_digest
)
==
false
)
{
setverdict
(
fail
);
}
else
{
log
(
"v_digest = "
,
v_digest
);
...
...
@@ -102,7 +102,7 @@ module TestCodec_SecuredFuntions {
setverdict
(
fail
);
}
else
{
var
octetstring
v_hash
;
if
(
fx_readCertificateHash
(
"CERT_IUT_A_
RC
A"
,
v_hash
)
==
false
)
{
if
(
fx_readCertificateHash
(
"CERT_IUT_A_
A
A"
,
v_hash
)
==
false
)
{
setverdict
(
fail
);
}
else
{
log
(
"v_hash = "
,
v_hash
);
...
...