Merge branch 'STF525' of https://forge.etsi.org/gitlab/ITS/ITS into STF525

fa91e779 · garciay · 7e91a81d · 74e1ea22 · fa91e779 · fa91e779
Commit fa91e779 authored Sep 19, 2018 by garciay
--- a/README.md
+++ b/README.md
@@ -253,7 +253,8 @@ $ cmake ../wireshark-for-ITS

 - Add specific compiler options to the file epan/dissectors/CMakeFiles/dissectors.dir/flags.make:
    - Find the variable C_FLAGS
-    - Append at the end the following compiler options: " -Wno-unused-const-variable -Wno-unused-function -Wunused-const-variable"
+    - Remove the flag : "-Wunused-const-variable"
+    - Add the flag: " -Werror"
 - Build Wireshark/tshark executing the following command

 ```sh

--- a/tools/itscertgen/asn1certgen/asn1certgen.c
+++ b/tools/itscertgen/asn1certgen/asn1certgen.c
@@ -17,10 +17,9 @@ static const char * _certName = NULL;
 static       char * _profileName = NULL;
 static       char * _signerName = NULL;
 static ecc_format   _outKeyFormat = ecc_bin;
-static const char * _verificationKey = NULL;
-static const char * _decriptionKey   = NULL;
 static const char * _keyPath = NULL;
 static int          _force = 0;
+static int          _no_gen = 0;
 static const char * _cfgFile = NULL;
 static int          _debug = 0;
 static int          _xer = 0;
@@ -70,13 +69,12 @@ static copt_t _options [] = {
 	{ "k", "key-format", COPT_STRENUM, (void*)_key_formats, "Keys output format (bin|hex|pem)[binary by default]" },
 	{ "S", "certs", COPT_STR, (void*)&_searchPath, "Certificates search path [Output path by default]" },
 	{ "K", "keys",  COPT_STR,  (void*)&_keyPath,       "Private key storage path [Output path by default]" },
-	{ "f", "force", COPT_BOOL, (void*)&_force,         "Force regenerate existing certificate and keys" },
-	{ "n", "name", COPT_STR, (void*)&_certName,        "Certificate name (take from profile by default)" },
-	{ "v", "vkey", COPT_STR, (void*)&_verificationKey, "Verification public key (generate key pair by default)" },
-	{ "e", "ekey", COPT_STR, (void*)&_decriptionKey,   "Encription public key (generate key pair if neccessary)" },
+	{ "f", "force", COPT_BOOL, (void*)&_force, "Force regenerate existing certificate and keys. [use existing by default]" },
+	{ "e", "no-generate", COPT_BOOL, (void*)&_no_gen, "Do not generate keys. [generate if necessary by default]" },
+	{ "n", "name", COPT_STR, (void*)&_certName, "Certificate name (take from profile by default)" },
 	{ "s", "signer", COPT_STR, (void*)&_signerName,   "Signer certificate name [take from profile by default]" },
 	{ "D", "debug", COPT_BOOL, (void*)&_debug,        "Dump hashes and other values [false]" },
-	{ "x", "oxer", COPT_BOOL, (void*)&_xer,      "Decode OER certificate to XER [false]" },
+	{ "x", "oxer", COPT_BOOL, (void*)&_xer,           "Decode OER certificate to XER [false]" },
 	{ NULL, NULL, COPT_END, NULL, NULL }
 };

@@ -84,8 +82,8 @@ char * _bin2hex(char * hex, size_t hlen, const char * bin, size_t blen);

 static int is_CurvePoint_empty(EccP256CurvePoint_t* point);

-static void fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
-static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
+static int fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
+static int fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);

 static int _issuer_parser_cb(pxml_chunk_type_e _type,
 	const void *_chunk_data, size_t _chunk_size, void *_key)
@@ -403,52 +401,54 @@ int main(int argc, char ** argv)

 	// generate keys if necessary
 	// buf = name of private key file
+	int rc = -1;
 	cvstrncpy(buf, CERT_MAX_SIZE, _keyPath, "/", _profileName, EXT_VKEY, NULL);
-	if (_force){
-		remove(buf);
-	}
 	switch (cert->toBeSigned.verifyKeyIndicator.present){
 	case VerificationKeyIndicator_PR_verificationKey:
 		switch (cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.present){
 		case PublicVerificationKey_PR_ecdsaNistP256:
-			fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaNistP256, ecies_nistp256, buf);
+			rc = fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaNistP256, ecies_nistp256, buf);
 			break;
 		case PublicVerificationKey_PR_ecdsaBrainpoolP256r1:
-			fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP256r1, ecies_brainpoolp256r, buf);
+			rc = fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP256r1, ecies_brainpoolp256r, buf);
 			break;
 		case PublicVerificationKey_PR_ecdsaBrainpoolP384r1:
-			fill_curve_point_eccP384(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP384r1, ecies_brainpoolp384r, buf);
+			rc = fill_curve_point_eccP384(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP384r1, ecies_brainpoolp384r, buf);
 			break;
 		default:
 			fprintf(stderr, "Unknown verification key curve type\n");
-			return -1;
 		}
 		break;
 	case VerificationKeyIndicator_PR_reconstructionValue:
 		fprintf(stderr, "TODO: reconstruction value generation is unsupported yet\n");
-		return -1;
+		break;
 	case VerificationKeyIndicator_PR_NOTHING:
 	default:
 		fprintf(stderr, "Unknown verification key indicator type\n");
+		break;
+	}
+	if (rc < 0){
 		return -1;
 	}
 	if (cert->toBeSigned.encryptionKey){
+		rc = -1;
 		cvstrncpy(buf, CERT_MAX_SIZE, _keyPath, "/", _profileName, EXT_EKEY, NULL);
-		if (_force){
-			remove(buf);
-		}
 		switch (cert->toBeSigned.encryptionKey->publicKey.present){
 		case BasePublicEncryptionKey_PR_NOTHING:
 			cert->toBeSigned.encryptionKey->publicKey.present = BasePublicEncryptionKey_PR_eciesNistP256;
 		case BasePublicEncryptionKey_PR_eciesNistP256:
-			fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesNistP256, ecies_nistp256, buf);
+			rc = fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesNistP256, ecies_nistp256, buf);
 			break;
 		case BasePublicEncryptionKey_PR_eciesBrainpoolP256r1:
-			fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesBrainpoolP256r1, ecies_brainpoolp256r, buf);
+			rc = fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesBrainpoolP256r1, ecies_brainpoolp256r, buf);
 			break;
 		default:
+			fprintf(stderr, "Unknown encryption key curve type\n");
 			break;
 		}
+		if (rc < 0){
+			return -1;
+		}
 	}

 	cvstrncpy(buf, CERT_MAX_SIZE, _outPath, "/", _profileName, EXT_CERT, NULL);
@@ -489,26 +489,49 @@ static int is_CurvePoint_empty(EccP256CurvePoint_t* point)
 	}
 	return 1;
 }
-static void fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
+static int fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
 {
-	fill_curve_point_eccP384((EccP384CurvePoint_t*)point, curveType, keyPath);
+	return fill_curve_point_eccP384((EccP384CurvePoint_t*)point, curveType, keyPath);
 }

-static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
+static int fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
 {
-	void * key;
+	void * key = NULL;
 	char x[48], y[48];
 	int compressed_y;
 	int fsize;
-	key = ecc_key_private_load(keyPath, curveType);
+	int rc = -1;
+	char * e_pub = keyPath + strlen(keyPath);
+	if(!_force){
+		// check for public key
+		strcpy(e_pub, EXT_PUB);
+		key = ecc_key_public_load(keyPath, curveType);
+		if (_debug && key){
+			fprintf(stderr, "DEBUG: use pre-generated key %s\n", keyPath);
+		}
+		*e_pub = 0;
+	} else {
+		remove(keyPath);
+	}
 	if (key == NULL){
-		if (_debug){
-			fprintf(stderr, "DEBUG: generate key %s\n", keyPath);
+		key = ecc_key_private_load(keyPath, curveType);
+		if (key == NULL){
+			if (_no_gen){
+				fprintf(stderr, "ERROR: Key %s or %s%s not found\n", keyPath, keyPath, EXT_PUB);
+				return rc;
+			}
+			if (_debug){
+				fprintf(stderr, "DEBUG: generate key %s\n", keyPath);
+			}
+			key = ecc_key_gen(curveType);
+			ecc_key_private_save(key, keyPath, _outKeyFormat);
+			strcpy(e_pub, EXT_PUB);
+			ecc_key_public_save(key, keyPath, _outKeyFormat);
+		}else{
+			if (_debug){
+				fprintf(stderr, "DEBUG: use pre-generated key %s\n", keyPath);
+			}
 		}
-		key = ecc_key_gen(curveType);
-		ecc_key_private_save(key, keyPath, _outKeyFormat);
-		strcat(keyPath, EXT_PUB);
-		ecc_key_public_save(key, keyPath, _outKeyFormat);
 	}
 	fsize = ecc_key_public(key, x, y, &compressed_y);
 	if (fsize > 0){
@@ -526,6 +549,8 @@ static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id cu
 			*_bin2hex(hex, sizeof(hex), y, fsize) = 0;
 			fprintf(stderr, "DEBUG: %s_pub.y=%s\n", keyPath, hex);
 		}
+		rc = 0;
 	}
 	ecc_key_free(key);
+	return rc;
 }
--- a/tools/itscertgen/cshared/copts.c
+++ b/tools/itscertgen/cshared/copts.c
@@ -613,8 +613,9 @@ static const char* valnames[] = {
    "num", /* COPT_USHORT */
    "chr", /* COPT_CHAR   */
    "str", /* COPT_STR    */
-    "addr",/* COPT_HOST   */
-    "str", /* COPT_STRLIST*/
+	"addr",/* COPT_HOST   */
+	"path",/* COPT_PATH   */
+	"str", /* COPT_STRLIST*/
    "str", /* COPT_STRENUM*/
    "file",/* COPT_CFGFILE*/
    NULL,  /* COPT_HELP   */