Loading .clang-format +1 −1 Original line number Diff line number Diff line Loading @@ -44,7 +44,7 @@ BreakConstructorInitializersBeforeComma: false BreakConstructorInitializers: BeforeColon BreakAfterJavaFieldAnnotations: false BreakStringLiterals: true ColumnLimit: 160 ColumnLimit: 180 CommentPragmas: '^ IWYU pragma:' CompactNamespaces: false ConstructorInitializerAllOnOneLineOrOnePerLine: false Loading ccsrc/Externals/LibItsSecurity_externals.cc +3 −3 Original line number Diff line number Diff line Loading @@ -1879,7 +1879,7 @@ namespace LibItsSecurity__Functions { return TRUE; } BOOLEAN fx__store__certificate(const CHARSTRING &p__cert__id, const OCTETSTRING &p__cert, const OCTETSTRING &p__private__key, BOOLEAN fx__store__certificate(const INTEGER& p__signing__algorithm, const CHARSTRING &p__cert__id, const OCTETSTRING &p__cert, const OCTETSTRING &p__private__key, const OCTETSTRING &p__public__key__x, const OCTETSTRING &p__public__key__y, const OCTETSTRING &p__public__key__compressed, const INTEGER &p__public__key__compressed__mode, const OCTETSTRING &p__hash, const OCTETSTRING &p__hash__256, const OCTETSTRING &p__hashid8, const OCTETSTRING &p__issuer, const OCTETSTRING_template &p__private__enc__key, Loading 
@@ -1893,12 +1893,12 @@ namespace LibItsSecurity__Functions { const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof(); const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof(); result = security_services_its::get_instance().store_certificate( p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, static_cast<ec_elliptic_curves>(static_cast<const int>(p__signing__algorithm)), p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof()); } else { result = security_services_its::get_instance().store_certificate( p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, static_cast<ec_elliptic_curves>(static_cast<const int>(p__signing__algorithm)), p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1)); } Loading ccsrc/Protocols/Security/certificates_loader.cc +23 −56 Original line number Diff line number Diff line Loading 
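Review bot: In ccsrc/Externals/LibItsSecurity_externals.cc, both store_certificate calls in fx__store__certificate convert the caller-supplied value with `static_cast<ec_elliptic_curves>(static_cast<const int>(p__signing__algorithm))` and never check that it names a known curve. An out-of-range integer would be stored as the record's signing algorithm and presumably reach later key operations, so reject it before the calls, for example `if (!is_known_curve(alg)) return FALSE;`, where `is_known_curve` is a placeholder for a check against the ec_elliptic_curves enumerators. Doing the conversion once into a local ahead of the `if` would also remove the duplicated cast, and the inner `const` in `static_cast<const int>` has no effect. The function body starts and ends outside the hunk.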
@@ -119,7 +119,7 @@ std::map<OCTETSTRING, const std::string, security_cache_comp>& certificates_load int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const std::string p_certificate_name, std::map<std::string, std::unique_ptr<const security_db_record>> & p_certificates) { loggers::get_instance().log_msg(">>> certificates_loader::load_certificate", p_hashed_id8); loggers::get_instance().log(">>> certificates_loader::load_certificate: %s", p_certificate_name.c_str()); loggers::get_instance().log(">>> certificates_loader::load_certificate: '%s'", p_certificate_name.c_str()); std::experimental::filesystem::path p = _full_path.string() + "/" + p_certificate_name + _certificateExt; const std::string& key = p.stem(); Loading @@ -132,6 +132,7 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING certificate = int2oct(0, std::experimental::filesystem::file_size(p)); is.read((char *)static_cast<const unsigned char *>(certificate), certificate.lengthof()); is.close(); loggers::get_instance().log_msg("certificates_loader::load_certificate: certificate: ", certificate); // Load private key file OCTETSTRING private_key; Loading Loading 
@@ -237,26 +238,33 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const if (decoded_certificate.toBeSigned().verifyKeyIndicator().ischosen(Ieee1609Dot2::VerificationKeyIndicator::ALT_verificationKey)) { // loggers::get_instance().log_msg("certificates_loader::load_certificate: Decoded certificate: ", decoded_certificate); ec_elliptic_curves algorithm; OCTETSTRING public_key_x; OCTETSTRING public_key_y; OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) Ieee1609Dot2BaseTypes::PublicVerificationKey &b = decoded_certificate.toBeSigned().verifyKeyIndicator().verificationKey(); if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { algorithm = ec_elliptic_curves::nist_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP384)) { algorithm = ec_elliptic_curves::nist_p_384; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaNistP384(); fill_public_key_vectors(ec_elliptic_curves::nist_p_384, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { algorithm = ec_elliptic_curves::brainpool_p_256_r1; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP384r1)) { algorithm = ec_elliptic_curves::brainpool_p_384_r1; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaBrainpoolP384r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y); } else { // ALT_ecsigSm2 
algorithm = ec_elliptic_curves::sm2_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecsigSm2(); fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_comp_key, public_key_x, public_key_y); } // loggers::get_instance().log("certificates_loader::load_certificate: algorithm: %d", algorithm); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_x: ", public_key_x); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_y: ", public_key_y); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_comp_key: ", public_comp_key); Loading 
@@ -280,30 +288,9 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const loggers::get_instance().log_msg("certificates_loader::load_certificate: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: hashed_id: ", hashed_id); loggers::get_instance().log("certificates_loader::load_certificate: ######## key: '%s'", key.c_str()); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## certificate: ", certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## decoded_certificate: ", decoded_certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## issuer: ", issuer); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash_sha_256: ", hash_sha_256); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hashed_id: ", hashed_id); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_key: ", private_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_x: ", public_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_y: ", public_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_comp_key: ", public_comp_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_enc_key: ", private_enc_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_x: ", public_enc_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_y: ", public_enc_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_comp_key: ", public_enc_comp_key); // 
Create new record security_db_record *r = new security_db_record( algorithm, // Signing algorithm key, // Certificate name. Index key certificate, // Certificate decoded_certificate, Loading Loading @@ -346,18 +333,18 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const loggers::get_instance().log_msg("certificates_loader::load_certificate: Implicit certificate issuer: ", m.cbegin()->second->decoded_certificate()); // Retrieve the issuer signing key const Ieee1609Dot2BaseTypes::PublicVerificationKey &b = m.cbegin()->second->decoded_certificate().toBeSigned().verifyKeyIndicator().verificationKey(); ec_elliptic_curves algo; ec_elliptic_curves algorithm; OCTETSTRING issuer_sign_key_x; OCTETSTRING issuer_sign_key_y; OCTETSTRING issuer_sign_key_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algo = ec_elliptic_curves::nist_p_256; algorithm = ec_elliptic_curves::nist_p_256; } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algo = ec_elliptic_curves::brainpool_p_256_r1; algorithm = ec_elliptic_curves::brainpool_p_256_r1; } else { loggers::get_instance().warning("certificates_loader::load_certificate: Incosistent certificate issuer: Wrong PublicVerificationKey"); return -1; Loading Loading 
@@ -385,19 +372,21 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING input = hash_tbs + m.cbegin()->second->hash_sha_256(); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: input: ", input); // Reconstruction of the public key. security_ecc r_key(algo, rv_key_x, rv_key_y); // Reconstruction key OCTETSTRING public_key_x; // public keys X-coordinate OCTETSTRING public_key_y; // public keys Y-coordinate OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) INTEGER public_comp_key_mode; // public compressed key mode (02 or 03) { security_ecc r_key(algorithm, rv_key_x, rv_key_y); // Reconstruction key if (r_key.reconstruct_public_keys(input, static_cast<const OCTETSTRING&>(issuer_sign_key_x), static_cast<const OCTETSTRING&>(issuer_sign_key_y), public_key_x, public_key_y, public_comp_key, public_comp_key_mode) == -1) { loggers::get_instance().warning("certificates_loader::load_certificate: Failed to encode toBeSigned"); return -1; } } loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_x: ", public_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_y: ", public_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: public_comp_key: ", public_comp_key); loggers::get_instance().log("certificates_loader::load_certificate: public_comp_key_mode: '%d': ", public_comp_key_mode); loggers::get_instance().log_msg("certificates_loader::load_certificate: public_comp_key_mode: ", public_comp_key_mode); OCTETSTRING hash = hash_sha_256; // Whole-certificate hash OCTETSTRING hashed_id; // Whole-certificate hashedid-8 Loading 
@@ -405,31 +394,9 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const loggers::get_instance().log_msg("certificates_loader::load_certificate: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: hashed_id: ", hashed_id); loggers::get_instance().log("certificates_loader::load_certificate: ######## key: '%s'", key.c_str()); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## certificate: ", certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## decoded_certificate: ", decoded_certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## issuer: ", issuer); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash_sha_256: ", hash_sha_256); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hashed_id: ", hashed_id); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_key: ", private_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_x: ", public_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_y: ", public_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_comp_key: ", public_comp_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_enc_key: ", private_enc_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_x: ", public_enc_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_y: ", public_enc_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_comp_key: ", public_enc_comp_key); // 
Create new record security_db_record *r = new security_db_record( algorithm, // Signing algorithm key, // Certificate name. Index key certificate, // Certificate decoded_certificate, Loading ccsrc/Protocols/Security/security_cache.cc +49 −7 Original line number Diff line number Diff line Loading @@ -54,10 +54,13 @@ int security_cache::load_certificate(const std::string &p_certificate_id, const loggers::get_instance().warning("security_cache::load_certificate: Failed to load certificate"); return -1; } else { it = _certificates.find(p_certificate_id); //it = _certificates.find(p_certificate_id); *p_record = _certificates[p_certificate_id].get(); loggers::get_instance().log("security_cache::load_certificate: Added '%s'", (*p_record)->certificate_id().c_str()); return 0; } } loggers::get_instance().log_msg("security_cache::load_certificate: Loaded certificate: ", it->second.get()->decoded_certificate()); *p_record = it->second.get(); Loading Loading 
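Review bot: In ccsrc/Protocols/Security/certificates_loader.cc, the explicit-key branch of load_certificate ends in a bare `else { // ALT_ecsigSm2`, so any verification-key alternative other than the four tested above is now recorded as `ec_elliptic_curves::sm2_p_256` and read through `b.ecsigSm2()`. Because the value assigned here becomes the record's signing algorithm, the last case should test `ischosen` for the SM2 alternative explicitly and fail closed otherwise, as the implicit-certificate branch already does with `return -1;` on "Wrong PublicVerificationKey". Separately, the warning inside the new reconstruction block still says "Failed to encode toBeSigned" although the failing call is `reconstruct_public_keys`, which will mislead anyone reading the log. load_certificate starts and ends outside these hunks.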
@@ -100,12 +103,36 @@ int security_cache::get_certificate(const std::string &p_certificate_id, Ieee160 const security_db_record* record; if (load_certificate(p_certificate_id, &record) == -1) { loggers::get_instance().warning("security_cache::get_private_key: Failed to load certificate"); loggers::get_instance().warning("security_cache::get_certificate (1): Failed to load certificate"); return -1; } loggers::get_instance().log("security_cache::get_certificate (1): Certificate loaded"); loggers::get_instance().log_msg("security_cache::get_certificate (1): Certificate loaded: ", record->decoded_certificate()); loggers::get_instance().log("security_cache::get_certificate (1): ######## algorithm: '%d'", record->signing_algorithm()); loggers::get_instance().log("security_cache::get_certificate (1): ######## key: '%s'", record->certificate_id().c_str()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## certificate: ", record->certificate()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## decoded_certificate: ", record->decoded_certificate()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## issuer: ", record->issuer()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## hash: ", record->hash()); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## hash_sha_256: ", hash_sha_256); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## hashed_id: ", hashed_id); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## private_key: ", private_key); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_key_x: ", public_key_x); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_key_y: ", public_key_y); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_comp_key: ", 
public_comp_key); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## private_enc_key: ", private_enc_key); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_enc_key_x: ", public_enc_key_x); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_enc_key_y: ", public_enc_key_y); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_enc_comp_key: ", public_enc_comp_key); //loggers::get_instance().log("<<< security_cache::get_certificate (1): Added '%s'", record->certificate_id().c_str()); //loggers::get_instance().log_msg("security_cache::get_certificate (1): ", record->decoded_certificate()); p_certificate = record->decoded_certificate(); return 0; Loading Loading @@ -153,6 +180,20 @@ int security_cache::get_certificate_hashed_id3(const OCTETSTRING &p_hashed_id3, return 0; } int security_cache::get_signing_algorithm(const std::string &p_certificate_id, ec_elliptic_curves* p_signing_algorithm) { loggers::get_instance().log(">>> security_cache::get_signing_algorithm: '%s'", p_certificate_id.c_str()); const security_db_record* record; if (load_certificate(p_certificate_id, &record) == -1) { loggers::get_instance().warning("security_cache::get_signing_algorithm: Failed to load certificate"); return -1; } *p_signing_algorithm = record->signing_algorithm(); return 0; } int security_cache::get_issuer(const std::string &p_certificate_id, OCTETSTRING &p_hashed_id_issuer) { loggers::get_instance().log(">>> security_cache::get_issuer: '%s'", p_certificate_id.c_str()); Loading Loading 
@@ -310,7 +351,7 @@ bool security_cache::fill_vector(OCTETSTRING &p_vector, const OCTETSTRING &p_org return false; } int security_cache::store_certificate(const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, int security_cache::store_certificate(const ec_elliptic_curves p_signing_algorithm, const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, const OCTETSTRING &p_public_key_x, const OCTETSTRING &p_public_key_y, const OCTETSTRING &p_public_compressed_key, const INTEGER &p_public_compressed_key_mode, const OCTETSTRING &p_hash, const OCTETSTRING &p_hash_sha_256, const OCTETSTRING &p_hashed_id8, const OCTETSTRING &p_issuer, const OCTETSTRING &p_private_enc_key, Loading Loading @@ -351,7 +392,8 @@ int security_cache::store_certificate(const CHARSTRING &p_cert_id, const OCTETST etsi_ts103097_certificate_codec codec; codec.decode(p_cert, decoded_certificate); loggers::get_instance().log_msg("security_cache::store_certificate: Decoded certificate: ", decoded_certificate); security_db_record *p = new security_db_record(key, // Certificate id security_db_record *p = new security_db_record(p_signing_algorithm, // Signing algorithm key, // Certificate id cert, // Certificate decoded_certificate, issuer, // Hashed ID for the issuer Loading ccsrc/Protocols/Security/security_cache.hh +9 −1 Original line number Diff line number Diff line Loading 
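Review bot: In security_cache::load_certificate (ccsrc/Protocols/Security/security_cache.cc), the new `*p_record = _certificates[p_certificate_id].get();` can yield a null record that the next line dereferences in `(*p_record)->certificate_id()`. Assuming `_certificates` is the `std::map` of `unique_ptr` records the loader fills, `operator[]` inserts an empty entry when the id is absent, which can happen if the loader stored the record under a different key (it indexes by the file stem). Keep the checked lookup instead: `it = _certificates.find(p_certificate_id); if (it == _certificates.end()) return -1;` followed by `*p_record = it->second.get();`. The new get_signing_algorithm also writes through `p_signing_algorithm` without a null check. load_certificate starts outside the hunk.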
@@ -84,6 +84,14 @@ public: /*! \publicsection */ * \return 0 on success, -1 otherwise */ int get_certificate_hashed_id3(const OCTETSTRING &p_hashed_id3, std::string &p_certificate_id) const; /*! * \fn int get_signing_algorithm(const std::string &p_certificate_id, ec_elliptic_curves* p_signing_algorithm); * \brief Retrive the signing algorithm of the specified certificate (in case of Implicit certificate) * \param[in] p_certificate_id The certificate name * \param[out] p_hashed_id_issuer The HashedId8 of the isseur certificate * \return 0 on success, -1 otherwise */ int get_signing_algorithm(const std::string &p_certificate_id, ec_elliptic_curves* p_signing_algorithm); /*! * \fn int get_issuer(const std::string &p_certificate_id, OCTETSTRING &p_hashed_id_issuer); * \brief Retrive the issuer of the specified certificate Loading Loading @@ -169,7 +177,7 @@ public: /*! \publicsection */ */ int get_public_enc_comp_key(const std::string &p_certificate_id, OCTETSTRING &p_public_enc_comp_key, INTEGER &p_enc_comp_mode); virtual int store_certificate(const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, const OCTETSTRING &p_public_key_x, virtual int store_certificate(const ec_elliptic_curves p_signing_algorithm, const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, const OCTETSTRING &p_public_key_x, const OCTETSTRING &p_public_key_y, const OCTETSTRING &p_public_compressed_key, const INTEGER &p_public_compressed_key_mode, const OCTETSTRING &p_hash, const OCTETSTRING &p_hash_sha_256, const OCTETSTRING &p_hashid8, const OCTETSTRING &p_issuer, const OCTETSTRING &p_private_enc_key, const OCTETSTRING &p_public_enc_key_x, const OCTETSTRING &p_public_enc_key_y, Loading Loading
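Review bot: The doc comment added for get_signing_algorithm in ccsrc/Protocols/Security/security_cache.hh documents `\param[out] p_hashed_id_issuer The HashedId8 of the isseur certificate`, which does not match the declared parameter and looks carried over from get_issuer. It should read `\param[out] p_signing_algorithm The signing algorithm (elliptic curve) of the certificate`, and "Retrive" in the brief should be "Retrieve". The neighbouring get_certificate_hashed_id3 is declared `const` while this getter is not; that may be forced by its call to load_certificate, but a one-line remark in the comment would make the difference intentional. The class declaration starts and ends outside the hunk.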
.clang-format +1 −1 Original line number Diff line number Diff line Loading @@ -44,7 +44,7 @@ BreakConstructorInitializersBeforeComma: false BreakConstructorInitializers: BeforeColon BreakAfterJavaFieldAnnotations: false BreakStringLiterals: true ColumnLimit: 160 ColumnLimit: 180 CommentPragmas: '^ IWYU pragma:' CompactNamespaces: false ConstructorInitializerAllOnOneLineOrOnePerLine: false Loading
ccsrc/Externals/LibItsSecurity_externals.cc +3 −3 Original line number Diff line number Diff line Loading @@ -1879,7 +1879,7 @@ namespace LibItsSecurity__Functions { return TRUE; } BOOLEAN fx__store__certificate(const CHARSTRING &p__cert__id, const OCTETSTRING &p__cert, const OCTETSTRING &p__private__key, BOOLEAN fx__store__certificate(const INTEGER& p__signing__algorithm, const CHARSTRING &p__cert__id, const OCTETSTRING &p__cert, const OCTETSTRING &p__private__key, const OCTETSTRING &p__public__key__x, const OCTETSTRING &p__public__key__y, const OCTETSTRING &p__public__key__compressed, const INTEGER &p__public__key__compressed__mode, const OCTETSTRING &p__hash, const OCTETSTRING &p__hash__256, const OCTETSTRING &p__hashid8, const OCTETSTRING &p__issuer, const OCTETSTRING_template &p__private__enc__key, Loading 
@@ -1893,12 +1893,12 @@ namespace LibItsSecurity__Functions { const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof(); const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof(); result = security_services_its::get_instance().store_certificate( p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, static_cast<ec_elliptic_curves>(static_cast<const int>(p__signing__algorithm)), p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof()); } else { result = security_services_its::get_instance().store_certificate( p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, static_cast<ec_elliptic_curves>(static_cast<const int>(p__signing__algorithm)), p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hash__256, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1)); } Loading
ccsrc/Protocols/Security/certificates_loader.cc +23 −56 Original line number Diff line number Diff line Loading @@ -119,7 +119,7 @@ std::map<OCTETSTRING, const std::string, security_cache_comp>& certificates_load int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const std::string p_certificate_name, std::map<std::string, std::unique_ptr<const security_db_record>> & p_certificates) { loggers::get_instance().log_msg(">>> certificates_loader::load_certificate", p_hashed_id8); loggers::get_instance().log(">>> certificates_loader::load_certificate: %s", p_certificate_name.c_str()); loggers::get_instance().log(">>> certificates_loader::load_certificate: '%s'", p_certificate_name.c_str()); std::experimental::filesystem::path p = _full_path.string() + "/" + p_certificate_name + _certificateExt; const std::string& key = p.stem(); Loading @@ -132,6 +132,7 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING certificate = int2oct(0, std::experimental::filesystem::file_size(p)); is.read((char *)static_cast<const unsigned char *>(certificate), certificate.lengthof()); is.close(); loggers::get_instance().log_msg("certificates_loader::load_certificate: certificate: ", certificate); // Load private key file OCTETSTRING private_key; Loading Loading 
@@ -237,26 +238,33 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const if (decoded_certificate.toBeSigned().verifyKeyIndicator().ischosen(Ieee1609Dot2::VerificationKeyIndicator::ALT_verificationKey)) { // loggers::get_instance().log_msg("certificates_loader::load_certificate: Decoded certificate: ", decoded_certificate); ec_elliptic_curves algorithm; OCTETSTRING public_key_x; OCTETSTRING public_key_y; OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) Ieee1609Dot2BaseTypes::PublicVerificationKey &b = decoded_certificate.toBeSigned().verifyKeyIndicator().verificationKey(); if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { algorithm = ec_elliptic_curves::nist_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP384)) { algorithm = ec_elliptic_curves::nist_p_384; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaNistP384(); fill_public_key_vectors(ec_elliptic_curves::nist_p_384, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { algorithm = ec_elliptic_curves::brainpool_p_256_r1; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP384r1)) { algorithm = ec_elliptic_curves::brainpool_p_384_r1; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaBrainpoolP384r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y); } else { // ALT_ecsigSm2 
algorithm = ec_elliptic_curves::sm2_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecsigSm2(); fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_comp_key, public_key_x, public_key_y); } // loggers::get_instance().log("certificates_loader::load_certificate: algorithm: %d", algorithm); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_x: ", public_key_x); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_y: ", public_key_y); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_comp_key: ", public_comp_key); Loading 
@@ -280,30 +288,9 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const loggers::get_instance().log_msg("certificates_loader::load_certificate: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: hashed_id: ", hashed_id); loggers::get_instance().log("certificates_loader::load_certificate: ######## key: '%s'", key.c_str()); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## certificate: ", certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## decoded_certificate: ", decoded_certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## issuer: ", issuer); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash_sha_256: ", hash_sha_256); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hashed_id: ", hashed_id); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_key: ", private_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_x: ", public_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_y: ", public_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_comp_key: ", public_comp_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_enc_key: ", private_enc_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_x: ", public_enc_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_y: ", public_enc_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_comp_key: ", public_enc_comp_key); // 
Create new record security_db_record *r = new security_db_record( algorithm, // Signing algorithm key, // Certificate name. Index key certificate, // Certificate decoded_certificate, Loading Loading @@ -346,18 +333,18 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const loggers::get_instance().log_msg("certificates_loader::load_certificate: Implicit certificate issuer: ", m.cbegin()->second->decoded_certificate()); // Retrieve the issuer signing key const Ieee1609Dot2BaseTypes::PublicVerificationKey &b = m.cbegin()->second->decoded_certificate().toBeSigned().verifyKeyIndicator().verificationKey(); ec_elliptic_curves algo; ec_elliptic_curves algorithm; OCTETSTRING issuer_sign_key_x; OCTETSTRING issuer_sign_key_y; OCTETSTRING issuer_sign_key_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algo = ec_elliptic_curves::nist_p_256; algorithm = ec_elliptic_curves::nist_p_256; } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algo = ec_elliptic_curves::brainpool_p_256_r1; algorithm = ec_elliptic_curves::brainpool_p_256_r1; } else { loggers::get_instance().warning("certificates_loader::load_certificate: Incosistent certificate issuer: Wrong PublicVerificationKey"); return -1; Loading Loading 
@@ -385,19 +372,21 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING input = hash_tbs + m.cbegin()->second->hash_sha_256(); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: input: ", input); // Reconstruction of the public key. security_ecc r_key(algo, rv_key_x, rv_key_y); // Reconstruction key OCTETSTRING public_key_x; // public keys X-coordinate OCTETSTRING public_key_y; // public keys Y-coordinate OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) INTEGER public_comp_key_mode; // public compressed key mode (02 or 03) { security_ecc r_key(algorithm, rv_key_x, rv_key_y); // Reconstruction key if (r_key.reconstruct_public_keys(input, static_cast<const OCTETSTRING&>(issuer_sign_key_x), static_cast<const OCTETSTRING&>(issuer_sign_key_y), public_key_x, public_key_y, public_comp_key, public_comp_key_mode) == -1) { loggers::get_instance().warning("certificates_loader::load_certificate: Failed to encode toBeSigned"); return -1; } } loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_x: ", public_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_y: ", public_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: public_comp_key: ", public_comp_key); loggers::get_instance().log("certificates_loader::load_certificate: public_comp_key_mode: '%d': ", public_comp_key_mode); loggers::get_instance().log_msg("certificates_loader::load_certificate: public_comp_key_mode: ", public_comp_key_mode); OCTETSTRING hash = hash_sha_256; // Whole-certificate hash OCTETSTRING hashed_id; // Whole-certificate hashedid-8 Loading 
@@ -405,31 +394,9 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const loggers::get_instance().log_msg("certificates_loader::load_certificate: hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: hashed_id: ", hashed_id); loggers::get_instance().log("certificates_loader::load_certificate: ######## key: '%s'", key.c_str()); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## certificate: ", certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## decoded_certificate: ", decoded_certificate); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## issuer: ", issuer); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash: ", hash); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hash_sha_256: ", hash_sha_256); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## hashed_id: ", hashed_id); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_key: ", private_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_x: ", public_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_key_y: ", public_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_comp_key: ", public_comp_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## private_enc_key: ", private_enc_key); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_x: ", public_enc_key_x); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_key_y: ", public_enc_key_y); loggers::get_instance().log_msg("certificates_loader::load_certificate: ######## public_enc_comp_key: ", public_enc_comp_key); // 
Create new record security_db_record *r = new security_db_record( algorithm, // Signing algorithm key, // Certificate name. Index key certificate, // Certificate decoded_certificate, Loading
ccsrc/Protocols/Security/security_cache.cc +49 −7 Original line number Diff line number Diff line Loading @@ -54,10 +54,13 @@ int security_cache::load_certificate(const std::string &p_certificate_id, const loggers::get_instance().warning("security_cache::load_certificate: Failed to load certificate"); return -1; } else { it = _certificates.find(p_certificate_id); //it = _certificates.find(p_certificate_id); *p_record = _certificates[p_certificate_id].get(); loggers::get_instance().log("security_cache::load_certificate: Added '%s'", (*p_record)->certificate_id().c_str()); return 0; } } loggers::get_instance().log_msg("security_cache::load_certificate: Loaded certificate: ", it->second.get()->decoded_certificate()); *p_record = it->second.get(); Loading Loading 
@@ -100,12 +103,36 @@ int security_cache::get_certificate(const std::string &p_certificate_id, Ieee160 const security_db_record* record; if (load_certificate(p_certificate_id, &record) == -1) { loggers::get_instance().warning("security_cache::get_private_key: Failed to load certificate"); loggers::get_instance().warning("security_cache::get_certificate (1): Failed to load certificate"); return -1; } loggers::get_instance().log("security_cache::get_certificate (1): Certificate loaded"); loggers::get_instance().log_msg("security_cache::get_certificate (1): Certificate loaded: ", record->decoded_certificate()); loggers::get_instance().log("security_cache::get_certificate (1): ######## algorithm: '%d'", record->signing_algorithm()); loggers::get_instance().log("security_cache::get_certificate (1): ######## key: '%s'", record->certificate_id().c_str()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## certificate: ", record->certificate()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## decoded_certificate: ", record->decoded_certificate()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## issuer: ", record->issuer()); loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## hash: ", record->hash()); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## hash_sha_256: ", hash_sha_256); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## hashed_id: ", hashed_id); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## private_key: ", private_key); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_key_x: ", public_key_x); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_key_y: ", public_key_y); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_comp_key: ", 
public_comp_key); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## private_enc_key: ", private_enc_key); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_enc_key_x: ", public_enc_key_x); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_enc_key_y: ", public_enc_key_y); // loggers::get_instance().log_msg("security_cache::get_certificate (1): ######## public_enc_comp_key: ", public_enc_comp_key); //loggers::get_instance().log("<<< security_cache::get_certificate (1): Added '%s'", record->certificate_id().c_str()); //loggers::get_instance().log_msg("security_cache::get_certificate (1): ", record->decoded_certificate()); p_certificate = record->decoded_certificate(); return 0; Loading Loading @@ -153,6 +180,20 @@ int security_cache::get_certificate_hashed_id3(const OCTETSTRING &p_hashed_id3, return 0; } int security_cache::get_signing_algorithm(const std::string &p_certificate_id, ec_elliptic_curves* p_signing_algorithm) { loggers::get_instance().log(">>> security_cache::get_signing_algorithm: '%s'", p_certificate_id.c_str()); const security_db_record* record; if (load_certificate(p_certificate_id, &record) == -1) { loggers::get_instance().warning("security_cache::get_signing_algorithm: Failed to load certificate"); return -1; } *p_signing_algorithm = record->signing_algorithm(); return 0; } int security_cache::get_issuer(const std::string &p_certificate_id, OCTETSTRING &p_hashed_id_issuer) { loggers::get_instance().log(">>> security_cache::get_issuer: '%s'", p_certificate_id.c_str()); Loading Loading 
@@ -310,7 +351,7 @@ bool security_cache::fill_vector(OCTETSTRING &p_vector, const OCTETSTRING &p_org return false; } int security_cache::store_certificate(const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, int security_cache::store_certificate(const ec_elliptic_curves p_signing_algorithm, const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, const OCTETSTRING &p_public_key_x, const OCTETSTRING &p_public_key_y, const OCTETSTRING &p_public_compressed_key, const INTEGER &p_public_compressed_key_mode, const OCTETSTRING &p_hash, const OCTETSTRING &p_hash_sha_256, const OCTETSTRING &p_hashed_id8, const OCTETSTRING &p_issuer, const OCTETSTRING &p_private_enc_key, Loading Loading @@ -351,7 +392,8 @@ int security_cache::store_certificate(const CHARSTRING &p_cert_id, const OCTETST etsi_ts103097_certificate_codec codec; codec.decode(p_cert, decoded_certificate); loggers::get_instance().log_msg("security_cache::store_certificate: Decoded certificate: ", decoded_certificate); security_db_record *p = new security_db_record(key, // Certificate id security_db_record *p = new security_db_record(p_signing_algorithm, // Signing algorithm key, // Certificate id cert, // Certificate decoded_certificate, issuer, // Hashed ID for the issuer Loading
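Review bot: In the first hunk (`security_cache::load_certificate`), the new `*p_record = _certificates[p_certificate_id].get();` can yield a null pointer, and the next line dereferences it via `(*p_record)->certificate_id()`. If `_certificates` is a standard map of smart pointers, as `it->second.get()` suggests, `operator[]` inserts an empty entry whenever the key is absent. That would happen if the loader stored the record under a key other than `p_certificate_id`, which cannot be confirmed from this hunk, and it would also leave a null record in the cache for later lookups. Keep the lookup and check it instead of commenting it out: `it = _certificates.find(p_certificate_id);`, then `if (it == _certificates.end()) { return -1; }` and `*p_record = it->second.get();`. The function body starts and ends outside the hunk.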
ccsrc/Protocols/Security/security_cache.hh +9 −1 Original line number Diff line number Diff line Loading @@ -84,6 +84,14 @@ public: /*! \publicsection */ * \return 0 on success, -1 otherwise */ int get_certificate_hashed_id3(const OCTETSTRING &p_hashed_id3, std::string &p_certificate_id) const; /*! * \fn int get_signing_algorithm(const std::string &p_certificate_id, ec_elliptic_curves* p_signing_algorithm); * \brief Retrive the signing algorithm of the specified certificate (in case of Implicit certificate) * \param[in] p_certificate_id The certificate name * \param[out] p_hashed_id_issuer The HashedId8 of the isseur certificate * \return 0 on success, -1 otherwise */ int get_signing_algorithm(const std::string &p_certificate_id, ec_elliptic_curves* p_signing_algorithm); /*! * \fn int get_issuer(const std::string &p_certificate_id, OCTETSTRING &p_hashed_id_issuer); * \brief Retrive the issuer of the specified certificate Loading Loading @@ -169,7 +177,7 @@ public: /*! \publicsection */ */ int get_public_enc_comp_key(const std::string &p_certificate_id, OCTETSTRING &p_public_enc_comp_key, INTEGER &p_enc_comp_mode); virtual int store_certificate(const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, const OCTETSTRING &p_public_key_x, virtual int store_certificate(const ec_elliptic_curves p_signing_algorithm, const CHARSTRING &p_cert_id, const OCTETSTRING &p_cert, const OCTETSTRING &p_private_key, const OCTETSTRING &p_public_key_x, const OCTETSTRING &p_public_key_y, const OCTETSTRING &p_public_compressed_key, const INTEGER &p_public_compressed_key_mode, const OCTETSTRING &p_hash, const OCTETSTRING &p_hash_sha_256, const OCTETSTRING &p_hashid8, const OCTETSTRING &p_issuer, const OCTETSTRING &p_private_enc_key, const OCTETSTRING &p_public_enc_key_x, const OCTETSTRING &p_public_enc_key_y, Loading
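Review bot: The Doxygen block added for `get_signing_algorithm` documents the wrong parameter: `\param[out] p_hashed_id_issuer The HashedId8 of the isseur certificate` looks copied from `get_issuer`, while the declared out-parameter is `p_signing_algorithm`. Replace it with `\param[out] p_signing_algorithm The signing algorithm (elliptic curve) of the certificate; must not be null`, and correct "Retrive" in the `\brief`. The non-null requirement matters because the definition in security_cache.cc writes through the pointer without checking it. A reference parameter, as the neighbouring getters use, would remove that precondition.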