Remove canonical encoding by default

tools/itscertgen/checker/certinfo.c

@@ -165,6 +165,7 @@ static int _xmlOutput = 0;
 static int _numeric = 0;
 static int _usePKey = 0;
 static const char * _issuerPath = NULL;
+static int _canonicalEncoding = 0;
 
 
 char * _es_bufs[8][64];
@@ -210,6 +211,7 @@ static copt_t options[] = {
 	{ "x", "xml", COPT_BOOL, &_xmlOutput, "Print xml profile" },
 	{ "n", "num", COPT_BOOL, &_numeric, "Keep numeric values" },
 	{ "k", "pkey", COPT_BOOL, &_usePKey, "Issuer is a public key" },
+	{ "E", "canonical", COPT_BOOL, &_canonicalEncoding, "Use canonical encoding (compatible with TS103097 v1.2.1 and earlier)" },
 	{ NULL, NULL, COPT_END, NULL, NULL }
 };
 
@@ -525,9 +527,14 @@ static void     calculate_certificate_digest(const char* data, int length, char
 	SHA256_CTX ctx;
 
 	SHA256_Init(&ctx);
-	SHA256_Update(&ctx, data, length - 65);
-	SHA256_Update(&ctx, &tmp, 1);
-	SHA256_Update(&ctx, data + length - 64, 64);
+	if (_canonicalEncoding){
+		SHA256_Update(&ctx, data, length - 65);
+		SHA256_Update(&ctx, &tmp, 1);
+		SHA256_Update(&ctx, data + length - 64, 64);
+	}
+	else{
+		SHA256_Update(&ctx, data, length);
+	}
 	SHA256_Final(hash, &ctx);
 	memcpy(digest, hash + 24, 8);
 }

tools/itscertgen/cxml/cxml_encode.c

@@ -10,6 +10,7 @@
 #include "cxml.h"
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 
 static const char _hex_digits[] = "0123456789ABCDEF";
 
@@ -67,7 +68,7 @@ int cxml_text_encode(void * const handler, char * * const p_dst,
         }else{
             /* check for supported symbol range */
             unsigned char ch = *s;
-            if(ch  < ' ' && ch != '\t' && ch != '\n' && ch != '\r'){
+			if (!isprint(ch)){
                 if(d + 5 > de){
                     if(-1 == _prepare(handler, &db, &d, &de)){
                         return -1;

tools/itscertgen/generator/certgen.c

@@ -268,6 +268,7 @@ static long         _refLon = 0;
 static const long double _latTMDPerMetter = 180.0 / M_PI / 0.6378;
 static long double       _lonTMDPerMetter = 180.0 / M_PI / 0.6378;
 static const char * _cfgFile = NULL;
+static int          _canonicalEncoding = 0;
 
 static void _setup_default_time()
 {
@@ -384,7 +385,8 @@ static copt_t options [] = {
 	{ "t", "reftime",     COPT_STR | COPT_CALLBACK, (void*)&_time_option, "Reference UTC time point (YYY-DD-MM) [current date]" },
 	{ "l", "reflocation", COPT_STR | COPT_CALLBACK, (void*)&_refPoint_option, "Reference location in form <lat>:<lon> [0.0:0.0]" },
 	{ "m", "macro", COPT_STR | COPT_CALLBACK, (void*)&_addMacro_option, "Add macro in form of name:value to process AID, SSP, etc." },
-	{ NULL, NULL,     COPT_END,  NULL, NULL }
+	{ "E", "canonical", COPT_BOOL, (void*)&_canonicalEncoding, "Use canonical encoding (compatible with TS103097 v1.2.1 and earlier)" },
+	{ NULL, NULL, COPT_END, NULL, NULL }
 };
 
 int main(int argc, char ** argv)
@@ -713,7 +715,9 @@ static int certificate_signer_tag (cxml_handler_t* const _h, cxml_tag_t * const
 								char hash[sha256_hash_size];
 								// change eccpoint type of the signature to x_coordinate_only(0) 
 								// to follow canonical encoding
-								h->ptr[size - 65] = 0;
+								if (_canonicalEncoding){
+									h->ptr[size - 65] = 0;
+								}
 								sha256_calculate(hash, h->ptr, size);
 #ifdef DEBUG_DATA
 								fprintf(stderr, "HASH (%s): ", h->signer);

tools/itscertgen/msgcheck/msgcheck.c

@@ -20,6 +20,7 @@
 
 #include "../cshared/cstr.h"
 #include "../cshared/cserialize.h"
+#include "../cshared/copts.h"
 
 static size_t   load_certificate(const char * path, char ** p);
 static EC_KEY * load_public_key(const char* path, const EC_GROUP * group);
@@ -128,6 +129,16 @@ static const char * _signer_types[] = {
 	"other",
 };
 
+static void usage(){
+	printf("Usage: msgcheck [Options] messages\n"
+		"Options:\n"
+		"  -c <certificate> Use this certificate instead of the one from message\n"
+		"  -k <public key>  Use the public key from given file\n"
+		"  -r               Reset. Use keys from messages\n"
+		"  -E               Use canonical encoding (compatible with TS103097 v1.2.1 and early\n");
+}
+
+static int _canonicalEncoding = 0;
 int main(int argc, char ** argv)
 {
 	int i;
@@ -136,7 +147,7 @@ int main(int argc, char ** argv)
 	char cert_digest[8] = { 0 };
 
 	if (argc < 2 || 0 == strcmp("-h", argv[1])){
-		printf("Usage: msgcheck [-c certificate] [-p pub key] messages\n");
+		usage();
 		return -1;
 	}
 
@@ -153,12 +164,13 @@ int main(int argc, char ** argv)
 		if (0 == strcmp("-c", argv[i])){
 			i++;
 			if (i == argc){
-				fprintf(stderr, "Usage: msgcheck [-c certificate] [-p pub key] messages\n");
+				fprintf(stderr, "ERROR: Certificate file is not set\n");
+				usage();
 				return -1;
 			}
 			len = load_certificate(argv[i], &data);
 			if (len == -1){
-				fprintf(stderr, "%s: can not load certificate\n", argv[i]);
+				fprintf(stderr, "ERROR: %s: Can not load certificate from file\n", argv[i]);
 				return -1;
 			}
 			
@@ -169,16 +181,16 @@ int main(int argc, char ** argv)
 			free(data); data = NULL;
 			continue;
 		}
-		if (0 == strcmp("-p", argv[i])){
+		if (0 == strcmp("-k", argv[i])){
 			i++;
 			if (i == argc){
-				fprintf(stderr, "Usage: msgcheck [-c certificate] [-p pub key] [-x|-b] messages\n");
-				return -1;
+				fprintf(stderr, "ERROR: Public key file is not set\n");
+				usage();
 			}
 			if (defkey) EC_KEY_free(defkey);
 			defkey = load_public_key(argv[i], group);
 			if (defkey == NULL){
-				fprintf(stderr, "%s: can not load public key\n", argv[i]);
+				fprintf(stderr, "ERROR: %s: can not load public key\n", argv[i]);
 				return -1;
 			}
 			continue;
@@ -190,6 +202,10 @@ int main(int argc, char ** argv)
 			}
 			continue;
 		}
+		if (0 == strcmp("-E", argv[i])){
+			_canonicalEncoding = 1;
+			continue;
+		}
 		e = cstraload(&data, argv[i]);
 		if (data == NULL){
 			fprintf(stderr, "%s: can not load message\n", argv[i]);
@@ -214,8 +230,8 @@ int main(int argc, char ** argv)
 			SHA256_Update(&ctx, data, e-data-66);
 			SHA256_Final(hash, &ctx);
 		}
-		printf("%s: HASH : %d bytes\n", argv[i], (int)(e-data-66)); 
-		printf("%s: HASH : %s\n", argv[i], cbin2hex(hash, 32)); 
+		printf("%s: HASH : %d bytes\n", argv[i], (int)(e-data-66));
+		printf("%s: HASH : %s\n", argv[i], cbin2hex(hash, 32));
 		if (defkey == NULL){
 			// get key from message signer
 			if (data[4] != si_certificate){
@@ -416,16 +432,21 @@ static void     calculate_certificate_digest(const char* data, int length, char
 {
 	// set signature point type to X
 	unsigned char hash[32];
-	unsigned char tmp = 0;
 	SHA256_CTX ctx;
 
 	SHA256_Init(&ctx);
-	SHA256_Update(&ctx, data, length - 65);
-	SHA256_Update(&ctx, &tmp, 1);
-	SHA256_Update(&ctx, data + length - 64, 64);
+	if (_canonicalEncoding) {
+		unsigned char tmp = 0;
+		SHA256_Update(&ctx, data, length - 65);
+		SHA256_Update(&ctx, &tmp, 1);
+		SHA256_Update(&ctx, data + length - 64, 64);
+	}else{
+		SHA256_Update(&ctx, data, length);
+	}
 	SHA256_Final(hash, &ctx);
 	memcpy(digest, hash + 24, 8);
 }
+
 /*
 static void print_x(FILE * f, const char * ptr, int len)
 {