Skip to content
GitLab
Commit b487f3e6 authored by garciay's avatar garciay
Browse files

Validation of TD_AUTO_IOT_DENM_RWW_BV_01 done

parent 07b08de4
Hide whitespace changes
Inline Side-by-side
ccsrc/Externals/LibItsSecurity_externals.cc
View file @ b487f3e6
...@@ -9,11 +9,6 @@ ...@@ -9,11 +9,6 @@
#include "loggers.hh" #include "loggers.hh"
#define FIELD_SIZE_256 (256/8)
#define SIGNATURE_SIZE_256 (2+FIELD_SIZE_256*2)
#define FIELD_SIZE_384 (384/8)
#define SIGNATURE_SIZE_384 (2+FIELD_SIZE_284*2)
namespace LibItsSecurity__Functions namespace LibItsSecurity__Functions
{ {
......
ccsrc/Protocols/Security/security_db.cc
View file @ b487f3e6
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
#include "loggers.hh" #include "loggers.hh"
security_db::security_db(): _certificates() { security_db::security_db(): _certificates(), _hashed_id8s() {
loggers::get_instance().log(">>> security_db::security_db"); loggers::get_instance().log(">>> security_db::security_db");
} // End of ctor } // End of ctor
...@@ -15,6 +15,7 @@ security_db::security_db(const std::string& p_db_path): security_db() { ...@@ -15,6 +15,7 @@ security_db::security_db(const std::string& p_db_path): security_db() {
if (p_db_path.empty()) { if (p_db_path.empty()) {
simulate_certificates(); simulate_certificates();
dump();
} else { } else {
load_from_files(p_db_path); load_from_files(p_db_path);
dump(); dump();
...@@ -23,8 +24,23 @@ security_db::security_db(const std::string& p_db_path): security_db() { ...@@ -23,8 +24,23 @@ security_db::security_db(const std::string& p_db_path): security_db() {
security_db::~security_db() { security_db::~security_db() {
_certificates.clear(); // Smart pointers will do the job _certificates.clear(); // Smart pointers will do the job
_hashed_id8s.clear();
} // End of dtor } // End of dtor
int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const {
loggers::get_instance().log_msg(">>> security_db::get_certificate_id: ", p_hashed_id8);
std::vector<unsigned char> key(static_cast<const unsigned char*>(p_hashed_id8), p_hashed_id8.lengthof() + static_cast<const unsigned char*>(p_hashed_id8));
std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.find(key);
if (it == _hashed_id8s.cend()) {
p_certifcate_id = "";
return -1;
}
p_certifcate_id = it->second;
return 0;
}
int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const { int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const {
loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str()); loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str());
...@@ -124,6 +140,11 @@ int security_db::simulate_certificates() { ...@@ -124,6 +140,11 @@ int security_db::simulate_certificates() {
yk // Public key Y yk // Public key Y
)) ))
)); ));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
} }
{ {
std::string key = "ta_cert_nistp256_sha256_aa"; std::string key = "ta_cert_nistp256_sha256_aa";
...@@ -143,6 +164,11 @@ int security_db::simulate_certificates() { ...@@ -143,6 +164,11 @@ int security_db::simulate_certificates() {
yk // Public key Y yk // Public key Y
)) ))
)); ));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
} }
{ {
std::string key = "ta_cert_nistp256_sha256_at"; std::string key = "ta_cert_nistp256_sha256_at";
...@@ -162,6 +188,11 @@ int security_db::simulate_certificates() { ...@@ -162,6 +188,11 @@ int security_db::simulate_certificates() {
yk // Public key Y yk // Public key Y
)) ))
)); ));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
} }
return 0; return 0;
...@@ -179,6 +210,9 @@ void security_db::dump() const { ...@@ -179,6 +210,9 @@ void security_db::dump() const {
loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size()); loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size()); loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size());
} // End of 'for' statement } // End of 'for' statement
for (std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) {
loggers::get_instance().log("security_db::dump: Hashedid8 idx = %s", it->second.c_str());
} // End of 'for' statement
} // End of method dump } // End of method dump
/****************************************************** /******************************************************
......
ccsrc/Protocols/Security/security_db.hh
View file @ b487f3e6
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
#include <string> #include <string>
#include <memory> #include <memory>
#include <vector>
#include <map> #include <map>
#include "security_db_record.hh" #include "security_db_record.hh"
...@@ -14,6 +15,7 @@ class OCTETSTRING; ...@@ -14,6 +15,7 @@ class OCTETSTRING;
*/ */
class security_db { class security_db {
std::map<const std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier std::map<const std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier
std::map<const std::vector<unsigned char>, const std::string&> _hashed_id8s; //! List of the certificates indexed by the HashedId8
public: /*! \publicsection */ public: /*! \publicsection */
/*! /*!
...@@ -29,6 +31,7 @@ public: /*! \publicsection */ ...@@ -29,6 +31,7 @@ public: /*! \publicsection */
*/ */
~security_db(); ~security_db();
int get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const;
int get_certificate(const std::string& p_certifcate_id, OCTETSTRING& p_certificate) const; int get_certificate(const std::string& p_certifcate_id, OCTETSTRING& p_certificate) const;
int get_hashed_id_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const; int get_hashed_id_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const;
int get_hashed_id(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id) const; int get_hashed_id(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id) const;
......
ccsrc/Protocols/Security/security_services.cc
View file @ b487f3e6
...@@ -136,9 +136,12 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si ...@@ -136,9 +136,12 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
} }
// Retrieve certificate identifier // Retrieve certificate identifier
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signer = ", p_signed_data.signer()); loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signer = ", p_signed_data.signer());
std::string certificate_id;
result = -1;
if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) { if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) {
// TODO Retrieve the certificate identifier from digest // TODO Retrieve the certificate identifier from digest
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest"); loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest");
result = _security_db.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id);
} else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) { } else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
return -1; return -1;
...@@ -146,11 +149,16 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si ...@@ -146,11 +149,16 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier"); loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
return -1; return -1;
} }
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: certificate id = '%s'", certificate_id.c_str());
if (result == -1) {
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Certificate not found for the specified signer");
return -1;
}
// Verify the signature of the ToBeSignedData // Verify the signature of the ToBeSignedData
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", p_signed_data.signature__()); loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", p_signed_data.signature__());
result = -1; result = -1;
if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) { if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {
result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), "", p_params); result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), certificate_id, p_params);
} else { } else {
// TODO // TODO
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO"); loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO");
...@@ -226,7 +234,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo ...@@ -226,7 +234,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload"); loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload");
return -1; return -1;
} }
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add certifcate case"); loggers::get_instance().error("security_services::secured_gn_payload: TODO Add certifcate case");
// FIXME Need to decode certifcate, shall be done once is security_db // FIXME Need to decode certifcate, shall be done once is security_db
} }
IEEE1609dot2::SignedData signed_data( IEEE1609dot2::SignedData signed_data(
...@@ -286,7 +294,7 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d ...@@ -286,7 +294,7 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d
result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params); result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params);
} else { } else {
// TODO Add other signature algorithm // TODO Add other signature algorithm
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO Add other signature algorithm"); loggers::get_instance().error("security_services::sign_tbs_data: TODO Add other signature algorithm");
result = -1; result = -1;
} }
if (result != 0) { if (result != 0) {
...@@ -364,28 +372,22 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do ...@@ -364,28 +372,22 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do
int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, Params& p_params) { int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256: ", p_hash); loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256: ", p_hash);
std::string certificate_id = p_params[Params::certificate] + "_at";
loggers::get_instance().log("security_services::sign_tbs_data: encoded certificate_id = '%s'", certificate_id.c_str());
OCTETSTRING public_key_x; OCTETSTRING public_key_x;
OCTETSTRING public_key_y; OCTETSTRING public_key_y;
if (_security_db->get_public_keys(certificate_id, public_key_x, public_key_y) != 0) { if (_security_db->get_public_keys(p_certificate_id, public_key_x, public_key_y) != 0) {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get public keys"); loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Failed to get public keys");
return -1; return -1;
} }
// // Calculate the hash
// sha256 hash; std::vector<unsigned char> hashData(static_cast<const unsigned char *>(p_hash), static_cast<const unsigned char *>(p_hash) + p_hash.lengthof());
// std::vector<unsigned char> hashData; OCTETSTRING os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig();
// // TODO Create SHX interface and add generate method with std::vector std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof());
// std::vector<unsigned char> tbh(static_cast<const unsigned char *>(p__toBeVerifiedData), static_cast<const unsigned char *>(p__toBeVerifiedData) + p__toBeVerifiedData.lengthof()); std::vector<unsigned char> key_x(static_cast<const unsigned char *>(public_key_x), static_cast<const unsigned char *>(public_key_x) + public_key_x.lengthof());
// hash.generate(tbh, hashData); std::vector<unsigned char> key_y(static_cast<const unsigned char *>(public_key_y), static_cast<const unsigned char *>(public_key_y) + public_key_y.lengthof());
// // Check the signature ec_keys k(ec_elliptic_curves::nist_p_256, key_x, key_y);
// std::vector<unsigned char> signature(static_cast<const unsigned char *>(p__signature), static_cast<const unsigned char *>(p__signature) + p__signature.lengthof()); if (k.sign_verif(hashData, signature) == 0) {
// std::vector<unsigned char> pub_key_x(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyX) + p__ecdsaNistp256PublicKeyX.lengthof()); return 0;
// std::vector<unsigned char> pub_key_y(static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY), static_cast<const unsigned char *>(p__ecdsaNistp256PublicKeyY) + p__ecdsaNistp256PublicKeyY.lengthof()); }
// ec_keys k(ec_elliptic_curves::nist_p_256, pub_key_x, pub_key_y);
// if (k.sign_verif(hashData, signature) == 0) {
// return TRUE;
// }
return -1; return -1;
} }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment