Loading ccsrc/Externals/LibItsSecurity_externals.cc +0 −5 Original line number Diff line number Diff line Loading @@ -9,11 +9,6 @@ #include "loggers.hh" #define FIELD_SIZE_256 (256/8) #define SIGNATURE_SIZE_256 (2+FIELD_SIZE_256*2) #define FIELD_SIZE_384 (384/8) #define SIGNATURE_SIZE_384 (2+FIELD_SIZE_284*2) namespace LibItsSecurity__Functions { Loading ccsrc/Protocols/Security/security_db.cc +35 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ #include "loggers.hh" security_db::security_db(): _certificates() { security_db::security_db(): _certificates(), _hashed_id8s() { loggers::get_instance().log(">>> security_db::security_db"); } // End of ctor Loading @@ -15,6 +15,7 @@ security_db::security_db(const std::string& p_db_path): security_db() { if (p_db_path.empty()) { simulate_certificates(); dump(); } else { load_from_files(p_db_path); dump(); Loading @@ -23,8 +24,23 @@ security_db::security_db(const std::string& p_db_path): security_db() { security_db::~security_db() { _certificates.clear(); // Smart pointers will do the job _hashed_id8s.clear(); } // End of dtor int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const { loggers::get_instance().log_msg(">>> security_db::get_certificate_id: ", p_hashed_id8); std::vector<unsigned char> key(static_cast<const unsigned char*>(p_hashed_id8), p_hashed_id8.lengthof() + static_cast<const unsigned char*>(p_hashed_id8)); std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.find(key); if (it == _hashed_id8s.cend()) { p_certifcate_id = ""; return -1; } p_certifcate_id = it->second; return 0; } int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const { loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str()); Loading Loading 
@@ -124,6 +140,11 @@ int security_db::simulate_certificates() { yk // Public key Y )) )); std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key); if (it == _certificates.cend()) { return -1; } _hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first)); } { std::string key = "ta_cert_nistp256_sha256_aa"; Loading @@ -143,6 +164,11 @@ int security_db::simulate_certificates() { yk // Public key Y )) )); std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key); if (it == _certificates.cend()) { return -1; } _hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first)); } { std::string key = "ta_cert_nistp256_sha256_at"; Loading @@ -162,6 +188,11 @@ int security_db::simulate_certificates() { yk // Public key Y )) )); std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key); if (it == _certificates.cend()) { return -1; } _hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first)); } return 0; Loading 
@@ -179,6 +210,9 @@ void security_db::dump() const { loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size()); loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size()); } // End of 'for' statement for (std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) { loggers::get_instance().log("security_db::dump: Hashedid8 idx = %s", it->second.c_str()); } // End of 'for' statement } // End of method dump /****************************************************** Loading ccsrc/Protocols/Security/security_db.hh +3 −0 Original line number Diff line number Diff line Loading @@ -2,6 +2,7 @@ #include <string> #include <memory> #include <vector> #include <map> #include "security_db_record.hh" Loading @@ -14,6 +15,7 @@ class OCTETSTRING; */ class security_db { std::map<const std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier std::map<const std::vector<unsigned char>, const std::string&> _hashed_id8s; //! List of the certificates indexed by the HashedId8 public: /*! \publicsection */ /*! Loading @@ -29,6 +31,7 @@ public: /*! \publicsection */ */ ~security_db(); int get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const; int get_certificate(const std::string& p_certifcate_id, OCTETSTRING& p_certificate) const; int get_hashed_id_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const; int get_hashed_id(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id) const; Loading ccsrc/Protocols/Security/security_services.cc +23 −21 Original line number Diff line number Diff line Loading 
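Review bot: The destructor clears `_certificates` before `_hashed_id8s`, yet the mapped values of `_hashed_id8s` are `const std::string&` bound to the keys of `_certificates` (see the `insert` calls in simulate_certificates), so during the second `clear()` the index holds dangling references; `clear()` does not read them today, but reversing the two lines, `_hashed_id8s.clear(); _certificates.clear();`, keeps the index from outliving what it points into. The three identical `find`/`insert` sequences in simulate_certificates would read better as one private helper, e.g. `int index_hashed_id8(const std::string& p_key)`, and an early `return -1` there leaves `_certificates` partly populated while `_hashed_id8s` is not, which a caller cannot tell apart from a complete database. Only the simulate_certificates path populates `_hashed_id8s` in this diff; if load_from_files is meant to serve digest lookups too, it presumably needs the same indexing. The same section is repeated further down the page.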
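Review bot: `std::map<const std::vector<unsigned char>, const std::string&> _hashed_id8s` stores a reference as the mapped type, which ties every entry's lifetime to a key in `_certificates` and silently dangles whenever that entry is erased or the map is reassigned; `operator[]` is also unusable with a reference mapped type. Storing the identifier by value, `std::map<std::vector<unsigned char>, std::string> _hashed_id8s;`, costs one short string copy per certificate and removes the aliasing. The `const` on the key type is redundant, since `std::map` already exposes its keys as const. A comment on the member stating the invariant, `//! HashedId8 -> certificate identifier; must be updated whenever _certificates changes`, would help the next maintainer. The same section is repeated further down the page.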
@@ -136,9 +136,12 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si } // Retrieve certificate identifier loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signer = ", p_signed_data.signer()); std::string certificate_id; result = -1; if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) { // TODO Retrieve the certificate identifier from digest loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest"); loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest"); result = _security_db.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id); } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); return -1; Loading 
@@ -146,11 +149,16 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); return -1; } loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: certificate id = '%s'", certificate_id.c_str()); if (result == -1) { loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Certificate not found for the specified signer"); return -1; } // Verify the signature of the ToBeSignedData loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", p_signed_data.signature__()); result = -1; if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) { result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), "", p_params); result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), certificate_id, p_params); } else { // TODO loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); Loading Loading @@ -226,7 +234,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload"); return -1; } loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add certifcate case"); loggers::get_instance().error("security_services::secured_gn_payload: TODO Add certifcate case"); // FIXME Need to decode certifcate, shall be done once is security_db } IEEE1609dot2::SignedData signed_data( Loading Loading 
@@ -286,7 +294,7 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params); } else { // TODO Add other signature algorithm loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add other signature algorithm"); loggers::get_instance().error("security_services::sign_tbs_data: TODO Add other signature algorithm"); result = -1; } if (result != 0) { Loading Loading 
@@ -364,28 +372,22 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, Params& p_params) { loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256: ", p_hash); std::string certificate_id = p_params[Params::certificate] + "_at"; loggers::get_instance().log("security_services::sign_tbs_data: encoded certificate_id = '%s'", certificate_id.c_str()); OCTETSTRING public_key_x; OCTETSTRING public_key_y; if (_security_db->get_public_keys(certificate_id, public_key_x, public_key_y) != 0) { if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) { loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get public keys"); return -1; } // // Calculate the hash // sha256 hash; // std::vector<unsigned char> hashData; // // TODO Create SHX interface and add generate method with std::vector // std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof()); // hash.generate(tbh, hashData); // // Check the signature // std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof()); // std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof()); // std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof()); // ec_keys k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y); // if (k.sign_verif(hashData, 
signature) == 0) { // return TRUE; // } std::vector<unsigned char> hashData(static_cast<const unsigned char *>(p_hash), static_cast<const unsigned char *>(p_hash) + p_hash.lengthof()); OCTETSTRING os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig(); std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof()); std::vector<unsigned char> key_x(static_cast<const unsigned char *>(public_key_x), static_cast<const unsigned char *>(public_key_x) + public_key_x.lengthof()); std::vector<unsigned char> key_y(static_cast<const unsigned char *>(public_key_y), static_cast<const unsigned char *>(public_key_y) + public_key_y.lengthof()); ec_keys k(ec_elliptic_curves::nist_p_256, key_x, key_y); if (k.sign_verif(hashData, signature) == 0) { return 0; } return -1; } Loading
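Review bot: In verify_sign_ecdsa_nistp256 the new code calls `p_signature.ecdsaNistP256Signature().rSig().x__only()` without first checking which EccP256CurvePoint alternative the received signature carries; in TITAN-generated code reading an alternative that is not the chosen one typically raises a dynamic test case error, so a peer sending a compressed or uncompressed r point aborts the verifier instead of failing the check. A guard such as `if (!p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_x__only)) { loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Unsupported rSig encoding"); return -1; }` placed before the concatenation turns that into an ordinary verification failure (or extract the x coordinate from the other alternatives if they are meant to be supported). With the `p_params[Params::certificate]` lookup removed, `p_params` is no longer used in this function. In process_ieee_1609_dot2_signed_data the log text `TODO Retrieve the certificate identifier from digest` is now stale, since the lookup is implemented on the next line; `Retrieving the certificate identifier from digest` would describe the code. The same section is repeated further down the page.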
ccsrc/Externals/LibItsSecurity_externals.cc +0 −5 Original line number Diff line number Diff line Loading @@ -9,11 +9,6 @@ #include "loggers.hh" #define FIELD_SIZE_256 (256/8) #define SIGNATURE_SIZE_256 (2+FIELD_SIZE_256*2) #define FIELD_SIZE_384 (384/8) #define SIGNATURE_SIZE_384 (2+FIELD_SIZE_284*2) namespace LibItsSecurity__Functions { Loading
ccsrc/Protocols/Security/security_db.cc +35 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ #include "loggers.hh" security_db::security_db(): _certificates() { security_db::security_db(): _certificates(), _hashed_id8s() { loggers::get_instance().log(">>> security_db::security_db"); } // End of ctor Loading @@ -15,6 +15,7 @@ security_db::security_db(const std::string& p_db_path): security_db() { if (p_db_path.empty()) { simulate_certificates(); dump(); } else { load_from_files(p_db_path); dump(); Loading @@ -23,8 +24,23 @@ security_db::security_db(const std::string& p_db_path): security_db() { security_db::~security_db() { _certificates.clear(); // Smart pointers will do the job _hashed_id8s.clear(); } // End of dtor int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const { loggers::get_instance().log_msg(">>> security_db::get_certificate_id: ", p_hashed_id8); std::vector<unsigned char> key(static_cast<const unsigned char*>(p_hashed_id8), p_hashed_id8.lengthof() + static_cast<const unsigned char*>(p_hashed_id8)); std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.find(key); if (it == _hashed_id8s.cend()) { p_certifcate_id = ""; return -1; } p_certifcate_id = it->second; return 0; } int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const { loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str()); Loading Loading @@ -124,6 +140,11 @@ int security_db::simulate_certificates() { yk // Public key Y )) )); std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key); if (it == _certificates.cend()) { return -1; } _hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first)); } { std::string key = "ta_cert_nistp256_sha256_aa"; Loading 
@@ -143,6 +164,11 @@ int security_db::simulate_certificates() { yk // Public key Y )) )); std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key); if (it == _certificates.cend()) { return -1; } _hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first)); } { std::string key = "ta_cert_nistp256_sha256_at"; Loading @@ -162,6 +188,11 @@ int security_db::simulate_certificates() { yk // Public key Y )) )); std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key); if (it == _certificates.cend()) { return -1; } _hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first)); } return 0; Loading @@ -179,6 +210,9 @@ void security_db::dump() const { loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size()); loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size()); } // End of 'for' statement for (std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) { loggers::get_instance().log("security_db::dump: Hashedid8 idx = %s", it->second.c_str()); } // End of 'for' statement } // End of method dump /****************************************************** Loading
ccsrc/Protocols/Security/security_db.hh +3 −0 Original line number Diff line number Diff line Loading @@ -2,6 +2,7 @@ #include <string> #include <memory> #include <vector> #include <map> #include "security_db_record.hh" Loading @@ -14,6 +15,7 @@ class OCTETSTRING; */ class security_db { std::map<const std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier std::map<const std::vector<unsigned char>, const std::string&> _hashed_id8s; //! List of the certificates indexed by the HashedId8 public: /*! \publicsection */ /*! Loading @@ -29,6 +31,7 @@ public: /*! \publicsection */ */ ~security_db(); int get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const; int get_certificate(const std::string& p_certifcate_id, OCTETSTRING& p_certificate) const; int get_hashed_id_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const; int get_hashed_id(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id) const; Loading
ccsrc/Protocols/Security/security_services.cc +23 −21 Original line number Diff line number Diff line Loading @@ -136,9 +136,12 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si } // Retrieve certificate identifier loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signer = ", p_signed_data.signer()); std::string certificate_id; result = -1; if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) { // TODO Retrieve the certificate identifier from digest loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest"); loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest"); result = _security_db.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id); } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) { loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); return -1; Loading 
@@ -146,11 +149,16 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); return -1; } loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: certificate id = '%s'", certificate_id.c_str()); if (result == -1) { loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Certificate not found for the specified signer"); return -1; } // Verify the signature of the ToBeSignedData loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", p_signed_data.signature__()); result = -1; if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) { result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), "", p_params); result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), certificate_id, p_params); } else { // TODO loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); Loading Loading @@ -226,7 +234,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload"); return -1; } loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add certifcate case"); loggers::get_instance().error("security_services::secured_gn_payload: TODO Add certifcate case"); // FIXME Need to decode certifcate, shall be done once is security_db } IEEE1609dot2::SignedData signed_data( Loading Loading 
@@ -286,7 +294,7 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params); } else { // TODO Add other signature algorithm loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add other signature algorithm"); loggers::get_instance().error("security_services::sign_tbs_data: TODO Add other signature algorithm"); result = -1; } if (result != 0) { Loading Loading 
@@ -364,28 +372,22 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, Params& p_params) { loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256: ", p_hash); std::string certificate_id = p_params[Params::certificate] + "_at"; loggers::get_instance().log("security_services::sign_tbs_data: encoded certificate_id = '%s'", certificate_id.c_str()); OCTETSTRING public_key_x; OCTETSTRING public_key_y; if (_security_db->get_public_keys(certificate_id, public_key_x, public_key_y) != 0) { if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) { loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get public keys"); return -1; } // // Calculate the hash // sha256 hash; // std::vector<unsigned char> hashData; // // TODO Create SHX interface and add generate method with std::vector // std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof()); // hash.generate(tbh, hashData); // // Check the signature // std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof()); // std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof()); // std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof()); // ec_keys k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y); // if (k.sign_verif(hashData, 
signature) == 0) { // return TRUE; // } std::vector<unsigned char> hashData(static_cast<const unsigned char *>(p_hash), static_cast<const unsigned char *>(p_hash) + p_hash.lengthof()); OCTETSTRING os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig(); std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof()); std::vector<unsigned char> key_x(static_cast<const unsigned char *>(public_key_x), static_cast<const unsigned char *>(public_key_x) + public_key_x.lengthof()); std::vector<unsigned char> key_y(static_cast<const unsigned char *>(public_key_y), static_cast<const unsigned char *>(public_key_y) + public_key_y.lengthof()); ec_keys k(ec_elliptic_curves::nist_p_256, key_x, key_y); if (k.sign_verif(hashData, signature) == 0) { return 0; } return -1; }