Skip to content
GitLab
Commit b487f3e6 authored by garciay's avatar garciay
Browse files

Validation of TD_AUTO_IOT_DENM_RWW_BV_01 done

parent 07b08de4
Hide whitespace changes
Inline Side-by-side
ccsrc/Externals/LibItsSecurity_externals.cc
View file @ b487f3e6
......@@ -9,11 +9,6 @@
#include "loggers.hh"
#define FIELD_SIZE_256 (256/8)
#define SIGNATURE_SIZE_256 (2+FIELD_SIZE_256*2)
#define FIELD_SIZE_384 (384/8)
#define SIGNATURE_SIZE_384 (2+FIELD_SIZE_284*2)
namespace LibItsSecurity__Functions
{
......
ccsrc/Protocols/Security/security_db.cc
View file @ b487f3e6
......@@ -6,7 +6,7 @@
#include "loggers.hh"
security_db::security_db(): _certificates() {
security_db::security_db(): _certificates(), _hashed_id8s() {
loggers::get_instance().log(">>> security_db::security_db");
} // End of ctor
......@@ -15,6 +15,7 @@ security_db::security_db(const std::string& p_db_path): security_db() {
if (p_db_path.empty()) {
simulate_certificates();
dump();
} else {
load_from_files(p_db_path);
dump();
......@@ -23,8 +24,23 @@ security_db::security_db(const std::string& p_db_path): security_db() {
security_db::~security_db() {
_certificates.clear(); // Smart pointers will do the job
_hashed_id8s.clear();
} // End of dtor
int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const {
loggers::get_instance().log_msg(">>> security_db::get_certificate_id: ", p_hashed_id8);
std::vector<unsigned char> key(static_cast<const unsigned char*>(p_hashed_id8), p_hashed_id8.lengthof() + static_cast<const unsigned char*>(p_hashed_id8));
std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.find(key);
if (it == _hashed_id8s.cend()) {
p_certifcate_id = "";
return -1;
}
p_certifcate_id = it->second;
return 0;
}
int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const {
loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str());
......@@ -124,6 +140,11 @@ int security_db::simulate_certificates() {
yk // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
}
{
std::string key = "ta_cert_nistp256_sha256_aa";
......@@ -143,6 +164,11 @@ int security_db::simulate_certificates() {
yk // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
}
{
std::string key = "ta_cert_nistp256_sha256_at";
......@@ -162,6 +188,11 @@ int security_db::simulate_certificates() {
yk // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
}
return 0;
......@@ -179,6 +210,9 @@ void security_db::dump() const {
loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size());
} // End of 'for' statement
for (std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) {
loggers::get_instance().log("security_db::dump: Hashedid8 idx = %s", it->second.c_str());
} // End of 'for' statement
} // End of method dump
/******************************************************
......
ccsrc/Protocols/Security/security_db.hh
View file @ b487f3e6
......@@ -2,6 +2,7 @@
#include <string>
#include <memory>
#include <vector>
#include <map>
#include "security_db_record.hh"
......@@ -14,6 +15,7 @@ class OCTETSTRING;
*/
class security_db {
std::map<const std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier
std::map<const std::vector<unsigned char>, const std::string&> _hashed_id8s; //! List of the certificates indexed by the HashedId8
public: /*! \publicsection */
/*!
......@@ -29,6 +31,7 @@ public: /*! \publicsection */
*/
~security_db();
int get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const;
int get_certificate(const std::string& p_certifcate_id, OCTETSTRING& p_certificate) const;
int get_hashed_id_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const;
int get_hashed_id(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id) const;
......
ccsrc/Protocols/Security/security_services.cc
View file @ b487f3e6
......@@ -136,9 +136,12 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
}
// Retrieve certificate identifier
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signer = ", p_signed_data.signer());
std::string certificate_id;
result = -1;
if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) {
// TODO Retrieve the certificate identifier from digest
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest");
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest");
result = _security_db.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id);
} else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
return -1;
......@@ -146,11 +149,16 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
return -1;
}
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: certificate id = '%s'", certificate_id.c_str());
if (result == -1) {
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Certificate not found for the specified signer");
return -1;
}
// Verify the signature of the ToBeSignedData
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", p_signed_data.signature__());
result = -1;
if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {
result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), "", p_params);
result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), certificate_id, p_params);
} else {
// TODO
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO");
......@@ -226,7 +234,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload");
return -1;
}
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add certifcate case");
loggers::get_instance().error("security_services::secured_gn_payload: TODO Add certifcate case");
// FIXME Need to decode certifcate, shall be done once is security_db
}
IEEE1609dot2::SignedData signed_data(
......@@ -286,7 +294,7 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d
result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params);
} else {
// TODO Add other signature algorithm
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add other signature algorithm");
loggers::get_instance().error("security_services::sign_tbs_data: TODO Add other signature algorithm");
result = -1;
}
if (result != 0) {
......@@ -364,28 +372,22 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do
int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256: ", p_hash);
std::string certificate_id = p_params[Params::certificate] + "_at";
loggers::get_instance().log("security_services::sign_tbs_data: encoded certificate_id = '%s'", certificate_id.c_str());
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
if (_security_db->get_public_keys(certificate_id, public_key_x, public_key_y) != 0) {
if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get public keys");
return -1;
}
// // Calculate the hash
// sha256 hash;
// std::vector<unsigned char> hashData;
// // TODO Create SHX interface and add generate method with std::vector
// std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof());
// hash.generate(tbh, hashData);
// // Check the signature
// std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof());
// std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof());
// std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof());
// ec_keys k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y);
// if (k.sign_verif(hashData, signature) == 0) {
// return TRUE;
// }
std::vector<unsigned char> hashData(static_cast<const unsigned char *>(p_hash), static_cast<const unsigned char *>(p_hash) + p_hash.lengthof());
OCTETSTRING os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig();
std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof());
std::vector<unsigned char> key_x(static_cast<const unsigned char *>(public_key_x), static_cast<const unsigned char *>(public_key_x) + public_key_x.lengthof());
std::vector<unsigned char> key_y(static_cast<const unsigned char *>(public_key_y), static_cast<const unsigned char *>(public_key_y) + public_key_y.lengthof());
ec_keys k(ec_elliptic_curves::nist_p_256, key_x, key_y);
if (k.sign_verif(hashData, signature) == 0) {
return 0;
}
return -1;
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment