Loading ccsrc/Protocols/Security/security_cache.cc +1 −1 Original line number Diff line number Diff line Loading @@ -150,8 +150,8 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST std::vector<unsigned char> public_key_y(static_cast<const unsigned char*>(p_public_key_y), static_cast<const unsigned char*>(p_public_key_y) + p_public_key_y.lengthof()); std::vector<unsigned char> hashed_id8(static_cast<const unsigned char*>(p_hashed_id8), static_cast<const unsigned char*>(p_hashed_id8) + p_hashed_id8.lengthof()); std::vector<unsigned char> issuer(static_cast<const unsigned char*>(p_issuer), static_cast<const unsigned char*>(p_issuer) + p_issuer.lengthof()); EtsiTs103097Codec_Certificate codec; IEEE1609dot2::CertificateBase decoded_certificate; EtsiTs103097Codec_Certificate codec; codec.decode(p_cert, decoded_certificate); loggers::get_instance().log_msg("security_cache::store_certificate: Decoded certificate: ", decoded_certificate); security_db_record* p = new security_db_record( Loading ccsrc/Protocols/Security/security_services.cc +106 −48 Original line number Diff line number Diff line Loading @@ -86,8 +86,9 @@ int security_services::process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee16 loggers::get_instance().warning("security_services::process_ieee_1609_dot2_content: Unsupported IEEE 1609.2 Content, discard it"); return -1; } else if (p_ieee_1609_dot2_content.ischosen(IEEE1609dot2::Ieee1609Dot2Content::ALT_signedCertificateRequest)) { // TODO Set Certificate re-transmission flag and reset timer // Reset certificate timer loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Set Certificate re-transmission flag and reset timer"); _last_generation_time = 0; return 0; } else { // Shall never be reached loggers::get_instance().warning("security_services::process_ieee_1609_dot2_content: Undefined IEEE 1609.2 Content, discard it"); Loading Loading 
@@ -156,8 +157,8 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si if (result == -1) { // Check in the cache if (_security_cache.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id) == -1) { loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Unknown certificate, request it"); // Unknown certificate, request it loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Unknown certificate, request it"); const OCTETSTRING& os = p_signed_data.signer().digest(); _unknown_certificate.resize(3); const unsigned char* p = static_cast<const unsigned char*>(os) + os.lengthof() - 3; Loading @@ -166,12 +167,17 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si } // End of 'for' statement loggers::get_instance().log_to_hexa("security_services::process_ieee_1609_dot2_signed_data: HashedId3: ", _unknown_certificate.data(), _unknown_certificate.size()); } } } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) { // Extract the certificate IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[0]; // TODO Verify signature /* Encode the ToBeSignedCertificate // Reset certificate timer loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Reset certificate generation timer"); _last_generation_time = 0; } } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate) && (p_signed_data.signer().certificate().size_of() != 0)) { // Extract the certificates /* for (int i = 0; i < p_signed_data.signer().certificate().size_of(); i++) { IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[i]; // Verify signature of the ToBeSignedCertificate if (p_verify) { // Encode the ToBeSignedCertificate EtsiTs103097Codec_ToBeSignedData tbs_cert; OCTETSTRING os; tbs_cert.encode(cert.toBeSigned(), os); Loading 
@@ -183,23 +189,64 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si // Calculate the hash according to the hashId OCTETSTRING hashed_data; int result = -1; if (p_signed_data.hashId() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) { if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { result = hash_sha256(os, hashed_data); } else { } else if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { result = hash_sha384(os, hashed_data); }*/ // TODO Verify signature } else { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported certificate issuer"); return -1; } loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: hash = ", hashed_data); // Verify signature of the ToBeSignedCertificate loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", cert.signature__()); result = -1; if (ceet.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) { // TODO result = verify_sign_ecdsa_nistp256(hashed_data, cert.signature__(), certificate_id, p_params); loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); } else { // TODO loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); } if (result != 0) { loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Failed to verify signature"); return -1; } } }*/ // End of 'for' statement for (int i = 0; i < p_signed_data.signer().certificate().size_of(); i++) { IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[i]; if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { result = _security_db.get()->get_certificate_id_by_issuer(cert.issuer().sha256AndDigest(), certificate_id); if (result == -1) { if 
(_security_cache.get()->get_certificate_id_by_issuer(cert.issuer().sha256AndDigest(), certificate_id) == -1) { loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); const std::vector<unsigned char> v(static_cast<const unsigned char*>(cert.issuer().sha256AndDigest()), static_cast<const unsigned char*>(cert.issuer().sha256AndDigest()) + cert.issuer().sha256AndDigest().lengthof()); certificate_id = converter::get_instance().bytes_to_hexa(v); // TODO Add it into the cache // certificate_id = ; // _security_cache.get()->store_certificate(); loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); OCTETSTRING public_key_x, public_key_y; if (cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { public_key_x = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().uncompressedP256().x(); public_key_y = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().uncompressedP256().y(); } else if (cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { public_key_x = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().uncompressedP256().x(); public_key_y = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().uncompressedP256().y(); } else { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported VerificationKey"); return -1; } OCTETSTRING os; _security_cache.get()->store_certificate( CHARSTRING(certificate_id.c_str()), os, os, public_key_x, public_key_y, os, //const OCTETSTRING& p_hashid8, cert.issuer().sha256AndDigest() ); } } } else if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { Loading 
@@ -207,16 +254,27 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si if (result == -1) { if (_security_cache.get()->get_certificate_id_by_issuer(cert.issuer().sha384AndDigest(), certificate_id) == -1) { loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); const std::vector<unsigned char> v(static_cast<const unsigned char*>(cert.issuer().sha384AndDigest()), static_cast<const unsigned char*>(cert.issuer().sha384AndDigest()) + cert.issuer().sha384AndDigest().lengthof()); certificate_id = converter::get_instance().bytes_to_hexa(v); // TODO Add it into the cache // certificate_id = ; // _security_cache.get()->store_certificate(); /*loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); _security_cache.get()->store_certificate( const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, int2oct(0, 32), const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer );*/ } } } else { } else { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported certificate issuer"); return -1; } } // End of 'for' statement IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[0]; } else { loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); return -1; Loading Loading
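Review bot: In the `ALT_sha256AndDigest` branch of `process_ieee_1609_dot2_signed_data`, a certificate taken from the received `signer().certificate()` is passed to `_security_cache.get()->store_certificate(...)` while the loop that would verify its signature is still inside `/* ... */`, so as far as this page shows, a public key straight off the wire is cached without any signature check. The store should only be reached after the verify step has run and passed, i.e. after the commented-out `if (result != 0) { ... return -1; }`; that block also reads `ceet.signature__()` where `cert.signature__()` is meant, so it will not compile as written once enabled. The cache entry is keyed by the issuer digest (`certificate_id = converter::get_instance().bytes_to_hexa(v)`), so two certificates from the same issuer would share one id. An empty `os` is passed for the certificate and for the slot commented `p_hashid8`, which means `store_certificate` runs `codec.decode(p_cert, decoded_certificate)` on an empty buffer; passing the encoded certificate and its own HashedId8 would avoid both problems. The rendering has lost the +/- markers, so which of the doubled lines are new is inferred, and the function body continues outside these hunks.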
ccsrc/Protocols/Security/security_cache.cc +1 −1 Original line number Diff line number Diff line Loading @@ -150,8 +150,8 @@ int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETST std::vector<unsigned char> public_key_y(static_cast<const unsigned char*>(p_public_key_y), static_cast<const unsigned char*>(p_public_key_y) + p_public_key_y.lengthof()); std::vector<unsigned char> hashed_id8(static_cast<const unsigned char*>(p_hashed_id8), static_cast<const unsigned char*>(p_hashed_id8) + p_hashed_id8.lengthof()); std::vector<unsigned char> issuer(static_cast<const unsigned char*>(p_issuer), static_cast<const unsigned char*>(p_issuer) + p_issuer.lengthof()); EtsiTs103097Codec_Certificate codec; IEEE1609dot2::CertificateBase decoded_certificate; EtsiTs103097Codec_Certificate codec; codec.decode(p_cert, decoded_certificate); loggers::get_instance().log_msg("security_cache::store_certificate: Decoded certificate: ", decoded_certificate); security_db_record* p = new security_db_record( Loading
ccsrc/Protocols/Security/security_services.cc +106 −48 Original line number Diff line number Diff line Loading @@ -86,8 +86,9 @@ int security_services::process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee16 loggers::get_instance().warning("security_services::process_ieee_1609_dot2_content: Unsupported IEEE 1609.2 Content, discard it"); return -1; } else if (p_ieee_1609_dot2_content.ischosen(IEEE1609dot2::Ieee1609Dot2Content::ALT_signedCertificateRequest)) { // TODO Set Certificate re-transmission flag and reset timer // Reset certificate timer loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Set Certificate re-transmission flag and reset timer"); _last_generation_time = 0; return 0; } else { // Shall never be reached loggers::get_instance().warning("security_services::process_ieee_1609_dot2_content: Undefined IEEE 1609.2 Content, discard it"); Loading Loading @@ -156,8 +157,8 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si if (result == -1) { // Check in the cache if (_security_cache.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id) == -1) { loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Unknown certificate, request it"); // Unknown certificate, request it loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Unknown certificate, request it"); const OCTETSTRING& os = p_signed_data.signer().digest(); _unknown_certificate.resize(3); const unsigned char* p = static_cast<const unsigned char*>(os) + os.lengthof() - 3; Loading 
@@ -166,12 +167,17 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si } // End of 'for' statement loggers::get_instance().log_to_hexa("security_services::process_ieee_1609_dot2_signed_data: HashedId3: ", _unknown_certificate.data(), _unknown_certificate.size()); } } } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) { // Extract the certificate IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[0]; // TODO Verify signature /* Encode the ToBeSignedCertificate // Reset certificate timer loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Reset certificate generation timer"); _last_generation_time = 0; } } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate) && (p_signed_data.signer().certificate().size_of() != 0)) { // Extract the certificates /* for (int i = 0; i < p_signed_data.signer().certificate().size_of(); i++) { IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[i]; // Verify signature of the ToBeSignedCertificate if (p_verify) { // Encode the ToBeSignedCertificate EtsiTs103097Codec_ToBeSignedData tbs_cert; OCTETSTRING os; tbs_cert.encode(cert.toBeSigned(), os); Loading 
@@ -183,23 +189,64 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si // Calculate the hash according to the hashId OCTETSTRING hashed_data; int result = -1; if (p_signed_data.hashId() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) { if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { result = hash_sha256(os, hashed_data); } else { } else if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { result = hash_sha384(os, hashed_data); }*/ // TODO Verify signature } else { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported certificate issuer"); return -1; } loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: hash = ", hashed_data); // Verify signature of the ToBeSignedCertificate loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", cert.signature__()); result = -1; if (ceet.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) { // TODO result = verify_sign_ecdsa_nistp256(hashed_data, cert.signature__(), certificate_id, p_params); loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); } else { // TODO loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); } if (result != 0) { loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Failed to verify signature"); return -1; } } }*/ // End of 'for' statement for (int i = 0; i < p_signed_data.signer().certificate().size_of(); i++) { IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[i]; if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) { result = _security_db.get()->get_certificate_id_by_issuer(cert.issuer().sha256AndDigest(), certificate_id); if (result == -1) { if 
(_security_cache.get()->get_certificate_id_by_issuer(cert.issuer().sha256AndDigest(), certificate_id) == -1) { loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); const std::vector<unsigned char> v(static_cast<const unsigned char*>(cert.issuer().sha256AndDigest()), static_cast<const unsigned char*>(cert.issuer().sha256AndDigest()) + cert.issuer().sha256AndDigest().lengthof()); certificate_id = converter::get_instance().bytes_to_hexa(v); // TODO Add it into the cache // certificate_id = ; // _security_cache.get()->store_certificate(); loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); OCTETSTRING public_key_x, public_key_y; if (cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { public_key_x = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().uncompressedP256().x(); public_key_y = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaNistP256().uncompressedP256().y(); } else if (cert.toBeSigned().verifyKeyIndicator().verificationKey().ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { public_key_x = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().uncompressedP256().x(); public_key_y = cert.toBeSigned().verifyKeyIndicator().verificationKey().ecdsaBrainpoolP256r1().uncompressedP256().y(); } else { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported VerificationKey"); return -1; } OCTETSTRING os; _security_cache.get()->store_certificate( CHARSTRING(certificate_id.c_str()), os, os, public_key_x, public_key_y, os, //const OCTETSTRING& p_hashid8, cert.issuer().sha256AndDigest() ); } } } else if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) { Loading 
@@ -207,16 +254,27 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si if (result == -1) { if (_security_cache.get()->get_certificate_id_by_issuer(cert.issuer().sha384AndDigest(), certificate_id) == -1) { loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); const std::vector<unsigned char> v(static_cast<const unsigned char*>(cert.issuer().sha384AndDigest()), static_cast<const unsigned char*>(cert.issuer().sha384AndDigest()) + cert.issuer().sha384AndDigest().lengthof()); certificate_id = converter::get_instance().bytes_to_hexa(v); // TODO Add it into the cache // certificate_id = ; // _security_cache.get()->store_certificate(); /*loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: Store new certificate in cache: ", cert); _security_cache.get()->store_certificate( const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, int2oct(0, 32), const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer );*/ } } } else { } else { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported certificate issuer"); return -1; } } // End of 'for' statement IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[0]; } else { loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); return -1; Loading