Commit 429d7c9a authored by garciay

Bug fixed on self signed certificate signature

parent dcca27ad
+39 −47
@@ -56,7 +56,7 @@ namespace LibItsSecurity__Functions
   * \fn OCTETSTRING fx__signWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);
   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
   * \param[in] p__toBeSignedSecuredMessage The data to be signed
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__privateKey The private key
   * \return The signature value
   */
@@ -70,7 +70,7 @@ namespace LibItsSecurity__Functions
    loggers::get_instance().log_msg(">>> fx__signWithEcdsaNistp256WithSha256: private key=", p__privateKey); 
    
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__privateKey.lengthof() != 32)) {
    if ((p__certificateIssuer.lengthof() != 32) || (p__privateKey.lengthof() != 32)) {
      loggers::get_instance().log("fx__signWithEcdsaNistp256WithSha256: Wrong parameters");
      return OCTETSTRING();
    }
@@ -81,15 +81,15 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
    hash.generate(tbs, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hash.generate(issuer, hashData2);
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
    }
    loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash (Data input)=", hashData1.data(), hashData1.size());
    loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash (Signer identifier input)=", hashData2.data(), hashData2.size());
    hashData1.insert(hashData1.end(), hashData2.cbegin(), hashData2.cend()); // Hash (Data input) || Hash (Signer identifier input)
    loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash (Data input) || Hash (Signer identifier input)=", hashData1.data(), hashData1.size());
    std::vector<unsigned char> hashData; // Hash ( Hash (Data input) || Hash (Signer identifier input) )
    hash.generate(hashData1, hashData);
    loggers::get_instance().log_to_hexa("fx__signWithEcdsaNistp256WithSha256: Hash ( Hash (Data input) || Hash (Signer identifier input) )=", hashData.data(), hashData.size());
@@ -114,7 +114,7 @@ namespace LibItsSecurity__Functions
   * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);
   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
   * \param[in] p__toBeSignedSecuredMessage The data to be signed
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__privateKey The private key
   * \return The signature value
   */
@@ -124,7 +124,7 @@ namespace LibItsSecurity__Functions
                                                       const OCTETSTRING& p__privateKey
                                                       ) {
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__privateKey.lengthof() != 32)) {
    if ((p__certificateIssuer.lengthof() != 32) || (p__privateKey.lengthof() != 32)) {
      loggers::get_instance().log("fx__signWithEcdsaBrainpoolp256WithSha256: Wrong parameters");
      return OCTETSTRING();
    }
@@ -135,9 +135,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
    hash.generate(tbs, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hash.generate(issuer, hashData2);
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
    }
@@ -168,7 +167,7 @@ namespace LibItsSecurity__Functions
   * \fn OCTETSTRING fx__signWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeSignedSecuredMessage, const OCTETSTRING& p__privateKey);
   * \brief Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
   * \param[in] p__toBeSignedSecuredMessage The data to be signed
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__privateKey The private key
   * \return The signature value
   */
@@ -178,7 +177,7 @@ namespace LibItsSecurity__Functions
                                                       const OCTETSTRING& p__privateKey
                                                       ) {
    // Sanity checks
	    if ((p__certificateIssuer.lengthof() != 8) || (p__privateKey.lengthof() != 32)) {
	    if ((p__certificateIssuer.lengthof() != 48) || (p__privateKey.lengthof() != 48)) {
      loggers::get_instance().log("fx__signWithEcdsaBrainpoolp384WithSha384: Wrong parameters");
      return OCTETSTRING();
    }
@@ -189,9 +188,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbs(static_cast<const unsigned char *>(p__toBeSignedSecuredMessage), p__toBeSignedSecuredMessage.lengthof() + static_cast<const unsigned char *>(p__toBeSignedSecuredMessage));
    hash.generate(tbs, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hash.generate(issuer, hashData2);
    if (p__certificateIssuer != int2oct(0, 48)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha384_empty_string(); // Hash of empty string
    }
@@ -222,7 +220,7 @@ namespace LibItsSecurity__Functions
   * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyCompressed);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaNistp256PublicKeyCompressed The compressed public key (x coordinate only)
   * \return true on success, false otherwise
@@ -231,11 +229,11 @@ namespace LibItsSecurity__Functions
                                                const OCTETSTRING& p__toBeVerifiedData,
                                                const OCTETSTRING& p__certificateIssuer,
                                                const OCTETSTRING& p__signature,
                                                const OCTETSTRING& ,
                                                const OCTETSTRING& p__ecdsaNistp256PublicKeyCompressed,
                                                const INTEGER& p__compressedMode
                                                ) {p__ecdsaNistp256PublicKeyCompressed
                                                ) {
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__signature.lengthof() != 64) || (p__ecdsaNistp256PublicKeyCompressed.lengthof() != 32)) {
    if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64) || (p__ecdsaNistp256PublicKeyCompressed.lengthof() != 32)) {
      loggers::get_instance().log("fx__verifyWithEcdsaNistp256WithSha256: Wrong parameters");
      return FALSE;
    }
@@ -246,9 +244,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
    hash.generate(tbh, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hashData2.insert(hashData1.end(), issuer.cbegin(), issuer.cend());
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
    }
@@ -273,7 +270,7 @@ namespace LibItsSecurity__Functions
   * \fn BOOLEAN fx__verifyWithEcdsaNistp256WithSha256_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaNistp256PublicKeyX, const OCTETSTRING& p__ecdsaNistp256PublicKeyY);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaNistp256PublicKeyX The public key (x coordinate)
   * \param[in] p__ecdsaNistp256PublicKeyY The public key (y coordinate)
@@ -287,7 +284,7 @@ namespace LibItsSecurity__Functions
                                                   const OCTETSTRING& p__ecdsaNistp256PublicKeyY
                                                   ) {
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__signature.lengthof() != 64)) {
    if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64)) {
      loggers::get_instance().log("fx__verifyWithEcdsaNistp256WithSha256__1: Wrong parameters");
      return FALSE;
    }
@@ -298,9 +295,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
    hash.generate(tbh, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hashData2.insert(hashData1.end(), issuer.cbegin(), issuer.cend());
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
    }
@@ -327,7 +323,7 @@ namespace LibItsSecurity__Functions
   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyCompressed);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaBrainpoolp256PublicKeyCompressed The compressed public key (x coordinate only)
   * \return true on success, false otherwise
@@ -340,7 +336,7 @@ namespace LibItsSecurity__Functions
                                                     const INTEGER& p__compressedMode
                                                     ) {
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__signature.lengthof() != 64) || (p__ecdsaNistp256PublicKeyCompressed.lengthof() != 32)) {
    if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64) || (p__ecdsaBrainpoolp256PublicKeyCompressed.lengthof() != 32)) {
      loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp256WithSha256: Wrong parameters");
      return FALSE;
    }
@@ -351,9 +347,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
    hash.generate(tbh, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hashData2.insert(hashData1.end(), issuer.cbegin(), issuer.cend());
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
    }
@@ -378,7 +373,7 @@ namespace LibItsSecurity__Functions
   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp256WithSha256_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaBrainpoolp256PublicKeyX The public key (x coordinate)
   * \param[in] p__ecdsaBrainpoolp256PublicKeyY The public key (y coordinate)
@@ -392,7 +387,7 @@ namespace LibItsSecurity__Functions
                                                        const OCTETSTRING& p__ecdsaBrainpoolp256PublicKeyY
                                                        ) {
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__signature.lengthof() != 64)) {
    if ((p__certificateIssuer.lengthof() != 32) || (p__signature.lengthof() != 64)) {
      loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp256WithSha256__1: Wrong parameters");
      return FALSE;
    }
@@ -403,9 +398,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
    hash.generate(tbh, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hashData2.insert(hashData1.end(), issuer.cbegin(), issuer.cend());
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha256_empty_string(); // Hash of empty string
    }
@@ -431,7 +425,7 @@ namespace LibItsSecurity__Functions
   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyCompressed);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaBrainpoolp384PublicKeyCompressed The compressed public key (x coordinate only)
   * \return true on success, false otherwise
@@ -444,7 +438,7 @@ namespace LibItsSecurity__Functions
                                                     const INTEGER& p__compressedMode
                                                     ) {
    // Sanity checks
    if ((p__certificateIssuer.lengthof() != 8) || (p__signature.lengthof() != 96) || (p__ecdsaBrainpoolp384PublicKeyCompressed.lengthof() != 48)) {
    if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96) || (p__ecdsaBrainpoolp384PublicKeyCompressed.lengthof() != 48)) {
      loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp384WithSha384: Wrong parameters");
      return FALSE;
    }
@@ -455,9 +449,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
    hash.generate(tbh, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hashData2.insert(hashData1.end(), issuer.cbegin(), issuer.cend());
    if (p__certificateIssuer != int2oct(0, 48)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha384_empty_string(); // Hash of empty string
    }
@@ -482,7 +475,7 @@ namespace LibItsSecurity__Functions
   * \fn BOOLEAN fx__verifyWithEcdsaBrainpoolp384WithSha384_1(const OCTETSTRING& p__toBeVerifiedData, const OCTETSTRING& p__signature, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyX, const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY);
   * \brief Verify the signature of the specified data
   * \param[in] p__toBeVerifiedData The data to be verified
   * \param[in] p__certificateIssuer Certificate issuer
   * \param[in] p__certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
   * \param[in] p__signature The signature
   * \param[in] p__ecdsaBrainpoolp384PublicKeyX The public key (x coordinate)
   * \param[in] p__ecdsaBrainpoolp384PublicKeyY The public key (y coordinate)
@@ -496,7 +489,7 @@ namespace LibItsSecurity__Functions
                                                        const OCTETSTRING& p__ecdsaBrainpoolp384PublicKeyY
                                                        ) {
    // Sanity checks
    if (p__certificateIssuer.lengthof() != 48) {
    if ((p__certificateIssuer.lengthof() != 48) || (p__signature.lengthof() != 96)) {
      loggers::get_instance().log("fx__verifyWithEcdsaBrainpoolp384WithSha384__1: Wrong parameters");
      return FALSE;
    }
@@ -507,9 +500,8 @@ namespace LibItsSecurity__Functions
    std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), p__toBeVerifiedData.lengthof() + static_cast<const unsigned char *>(p__toBeVerifiedData));
    hash.generate(tbh, hashData1);
    std::vector<unsigned char> hashData2; // Hash (Signer identifier input)
    if (p__certificateIssuer != int2oct(0, 8)) { // || Hash (Signer identifier input)
      std::vector<unsigned char> issuer = std::vector<unsigned char>(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
      hashData2.insert(hashData1.end(), issuer.cbegin(), issuer.cend());
    if (p__certificateIssuer != int2oct(0, 32)) { // || Hash (Signer identifier input)
      hashData2.assign(static_cast<const unsigned char*>(p__certificateIssuer), p__certificateIssuer.lengthof() + static_cast<const unsigned char*>(p__certificateIssuer));
    } else {
      hashData2 = hash.get_sha384_empty_string(); // Hash of empty string
    }
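Review bot: In fx__verifyWithEcdsaBrainpoolp384WithSha384_1 the self-signed test still reads `if (p__certificateIssuer != int2oct(0, 32))` although the sanity check above it admits only a 48-byte issuer; assuming OCTETSTRING values of different length compare unequal, the else branch cannot be reached and an all-zero issuer is concatenated as 48 zero bytes instead of the SHA-384 empty-string hash. It should be `if (p__certificateIssuer != int2oct(0, 48)) {`, as in fx__verifyWithEcdsaBrainpoolp384WithSha384, and the \param text of the three P-384 functions should say `int2oct(0, 48)` too. Separately, the first statement of fx__signWithEcdsaNistp256WithSha256 writes p__privateKey to the log; logging only its length would keep key material out of trace files. These function bodies start and end outside the hunks shown.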
+14 −3
@@ -7,6 +7,9 @@

#include "etsi_ts103097_certificate_codec.hh"

#include "sha256.hh"
#include "sha384.hh"

#include "converter.hh"

#include "loggers.hh"
@@ -231,24 +234,32 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
          }
        }
        
        std::vector<unsigned char> hashed_id(0x00, 8);
        std::vector<unsigned char> issuer;
        if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
          std::vector<unsigned char> hash;
          sha256 sha;
          sha.generate(certificate, hash);
          std::copy(hash.cend() - 8, hash.cend(), hashed_id.begin());
          issuer.assign(
                        static_cast<const unsigned char*>(decoded_certificate.issuer().sha256AndDigest()),
                        decoded_certificate.issuer().sha256AndDigest().lengthof() + static_cast<const unsigned char*>(decoded_certificate.issuer().sha256AndDigest())
                        );
        } else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
          std::vector<unsigned char> hash;
          sha384 sha;
          sha.generate(certificate, hash);
          std::copy(hash.cend() - 8, hash.cend(), hashed_id.begin());
          issuer.assign(
                        static_cast<const unsigned char*>(decoded_certificate.issuer().sha384AndDigest()),
                        decoded_certificate.issuer().sha384AndDigest().lengthof() + static_cast<const unsigned char*>(decoded_certificate.issuer().sha384AndDigest())
                        );
        } else {
          hashed_id.resize(8);
          issuer.resize(8);
        }
        loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: issuer: ", issuer.data(), issuer.size());
        
        std::vector<unsigned char> hashed_id(32, 0x00);
        loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id.data(), hashed_id.size());
        loggers::get_instance().log_to_hexa("certificates_loader::build_certificates_cache: issuer: ", issuer.data(), issuer.size());
        
        // Create new record
        p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(
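Review bot: The two `std::copy(hash.cend() - 8, hash.cend(), hashed_id.begin())` calls need a `hashed_id` that is already declared and holds at least 8 bytes, and neither declaration visible in this section provides that. `std::vector<unsigned char> hashed_id(0x00, 8)` is the (count, value) constructor, so it builds an empty vector and the copy would write past its end, while `std::vector<unsigned char> hashed_id(32, 0x00)` sits after the if/else chain. The page does not mark which lines are on the new side, so this may already be resolved; if not, declare `std::vector<unsigned char> hashed_id(32, 0x00);` ahead of the `if`. The self-signed branch also leaves `issuer` at 8 bytes, which the 32- and 48-byte issuer length checks in this commit's signing functions would appear to reject if this value is what reaches them. build_certificates_cache starts and ends outside the hunk.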
+2 −2
@@ -741,7 +741,7 @@ int security_ecc::sign_verif(const std::vector<unsigned char>& p_data, const std

  // Sanity checks
  if (p_data.size() == 0) {
    return false;
    return -1;
  }

  // Build the signature
@@ -759,7 +759,7 @@ int security_ecc::sign_verif(const std::vector<unsigned char>& p_data, const std
  int result = ::ECDSA_do_verify(p_data.data(), p_data.size(), signature, _ec_key);
  ::ECDSA_SIG_free(signature);
  loggers::get_instance().log("security_ecc::sign_verif: %s", (result == 1) ? "succeed": "failed");
  return result != 1;
  return (result == 1) ? 0 : -1;
}
const int security_ecc::init() {
  loggers::get_instance().log(">>> security_ecc::init: %d", static_cast<int>(_elliptic_curve));
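Review bot: sign_verif now returns 0 for a valid signature and -1 otherwise, which reads inverted to any caller that tests the result as a boolean, and nothing in the hunks documents that convention. A comment above the function such as `// \return 0 if the signature verifies, -1 on invalid signature, empty input or OpenSSL error` would make it explicit. ECDSA_do_verify returns 0 for a bad signature and -1 for an internal error, and both are logged as "failed" here, so adding `result` to that log message would tell them apart. The function body starts outside the hunks shown.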