Loading ccsrc/Protocols/Security/certificates_loader.cc +14 −60 Original line number Diff line number Diff line Loading @@ -8,6 +8,8 @@ #include "etsi_ts103097_certificate_codec.hh" #include "etsi_ts103097_tobesigned_certificate_codec.hh" #include "security_services_its.hh" #include "sha256.hh" #include "sha384.hh" Loading Loading @@ -197,13 +199,13 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const Ieee1609Dot2BaseTypes::BasePublicEncryptionKey &b = v.publicKey(); if (b.ischosen(Ieee1609Dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesNistP256)) { Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = v.publicKey().eciesNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesBrainpoolP256r1)) { Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = v.publicKey().eciesBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::BasePublicEncryptionKey::ALT_ecencSm2)) { Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = v.publicKey().ecencSm2(); fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); } // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_enc_key_x: ", public_enc_key_x); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_enc_key_y: ", public_enc_key_y); Loading Loading @@ -246,23 +248,23 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { algorithm = ec_elliptic_curves::nist_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP384)) { algorithm = ec_elliptic_curves::nist_p_384; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaNistP384(); fill_public_key_vectors(ec_elliptic_curves::nist_p_384, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_384, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { algorithm = ec_elliptic_curves::brainpool_p_256_r1; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP384r1)) { algorithm = ec_elliptic_curves::brainpool_p_384_r1; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaBrainpoolP384r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y); } else { // ALT_ecsigSm2 algorithm = ec_elliptic_curves::sm2_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecsigSm2(); fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_comp_key, public_key_x, public_key_y); } // loggers::get_instance().log("certificates_loader::load_certificate: algorithm: %d", algorithm); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_x: ", public_key_x); Loading Loading @@ -339,11 +341,11 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING issuer_sign_key_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algorithm = ec_elliptic_curves::nist_p_256; } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algorithm = ec_elliptic_curves::brainpool_p_256_r1; } else { loggers::get_instance().warning("certificates_loader::load_certificate: Incosistent certificate issuer: Wrong PublicVerificationKey"); Loading @@ -354,7 +356,7 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING rv_key_x; OCTETSTRING rv_key_y; OCTETSTRING rv_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, rv_comp_key, rv_key_x, rv_key_y); security_services_its::fill_public_key_vectors(algorithm, p, rv_comp_key, rv_key_x, rv_key_y); // Compute the hash od the toBeSigned OCTETSTRING tbs; etsi_ts103097_tobesigned_certificate_codec codec; Loading Loading @@ -481,51 +483,3 @@ int certificates_loader::save_certificate(const security_db_record &p_certificat return 0; } // End of method save_certificate void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) { p_public_key_x = p_ecc_point.uncompressedP256().x(); p_public_key_y = p_ecc_point.uncompressedP256().y(); p_public_comp_key = int2oct(0, 33); } else { p_public_key_x = int2oct(0, 32); p_public_key_y = int2oct(0, 32); p_public_comp_key = int2oct(0, 33); } } void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { // loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) { p_public_key_x = p_ecc_point.uncompressedP384().x(); p_public_key_y = p_ecc_point.uncompressedP384().y(); p_public_comp_key = int2oct(0, 49); } else { p_public_key_x = int2oct(0, 48); p_public_key_y = int2oct(0, 48); p_public_comp_key = int2oct(0, 49); } } ccsrc/Protocols/Security/certificates_loader.hh +0 −12 Original line number Diff line number Diff line Loading @@ -111,16 +111,4 @@ public: /*! \publicsection */ std::map<OCTETSTRING, const std::string, security_cache_comp>& get_hashed_id8s(); private: /*! \privatesection */ /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 256 bits curve */ void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 384 bits curve */ void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); }; // End of class certificates_loader ccsrc/Protocols/Security/security_services_its.cc +131 −3 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ using namespace std; // Required for isnan() #include "etsi_ts103097_certificate_codec.hh" #include "etsi_ts103097_data_codec.hh" #include "etsi_ts103097_tobesigned_data_codec.hh" #include "etsi_ts103097_tobesigned_certificate_codec.hh" #include "security_ecc.hh" #include "sha256.hh" Loading Loading @@ -1484,12 +1485,89 @@ int security_services_its::extract_verification_keys(const Ieee1609Dot2::Certifi return -1; } } else if (p_cert.toBeSigned().verifyKeyIndicator().ischosen(Ieee1609Dot2::VerificationKeyIndicator::ALT_reconstructionValue)) { // Implicit certificate // FIXME FSCOM // Sanity checks if (p_cert.signature__().ispresent()) { loggers::get_instance().error("security_services_its::extract_verification_keys: Inconsistent implicit certificate, discard message"); return -1; } // Rebuild signing keys loggers::get_instance().error("security_services_its::extract_verification_keys: Implicit certificate not supported yet"); // 1. Load certificate issuer std::string certificate_issuer_id; if (_security_db.get()->get_certificate_id(p_cert.issuer().sha256AndDigest(), certificate_issuer_id) == -1) { // Request for the issuer and discard this message _unknown_certificate = OCTETSTRING(3, static_cast<const unsigned char *>(p_cert.issuer().sha256AndDigest()) + p_cert.issuer().sha256AndDigest().lengthof() - 3); loggers::get_instance().error("security_services_its::extract_verification_keys: Implicit certificate issuer is unknown"); return -1; } Ieee1609Dot2::CertificateBase certificate_issuer; if (_security_db.get()->get_certificate(certificate_issuer_id, certificate_issuer) == -1) { // Request for the issuer and discard this message _unknown_certificate = OCTETSTRING(3, static_cast<const unsigned char *>(p_cert.issuer().sha256AndDigest()) + p_cert.issuer().sha256AndDigest().lengthof() - 3); loggers::get_instance().warning("security_services_its::extract_verification_keys: Cannot load implicit certificate issuer"); return -1; } // 2. The signing algorithm is provided by the issuer certificate if (!certificate_issuer.toBeSigned().verifyKeyIndicator().ischosen(Ieee1609Dot2::VerificationKeyIndicator::ALT_verificationKey)) { loggers::get_instance().warning("security_services_its::extract_verification_keys: Inconsistent certificate issuer: Wrong VerificationKeyIndicator, discard message"); return -1; } loggers::get_instance().log_msg("security_services_its::extract_verification_keys: Implicit certificate issuer: ", certificate_issuer); // 3. Retrieve the issuer signing key const Ieee1609Dot2BaseTypes::PublicVerificationKey &b = certificate_issuer.toBeSigned().verifyKeyIndicator().verificationKey(); OCTETSTRING issuer_sign_key_x; OCTETSTRING issuer_sign_key_y; OCTETSTRING issuer_sign_key_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); *p_signing_algorithm = ec_elliptic_curves::nist_p_256; } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); *p_signing_algorithm = ec_elliptic_curves::brainpool_p_256_r1; } else { loggers::get_instance().warning("security_services_its::extract_verification_keys: Incosistent certificate issuer: Wrong PublicVerificationKey, discard message"); return -1; } // 4. Retrieve the reconstruction key key const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = p_cert.toBeSigned().verifyKeyIndicator().reconstructionValue(); OCTETSTRING rv_key_x; OCTETSTRING rv_key_y; OCTETSTRING rv_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) security_services_its::fill_public_key_vectors(*p_signing_algorithm, p, rv_comp_key, rv_key_x, rv_key_y); // Compute the hash of the toBeSigned OCTETSTRING tbs; etsi_ts103097_tobesigned_certificate_codec codec; codec.encode(p_cert.toBeSigned(), tbs); if (!tbs.is_bound()) { loggers::get_instance().warning("security_services_its::extract_verification_keys: Failed to encode toBeSigned, discard message"); return -1; } loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Implicit encoded toBeSigned: ", tbs); OCTETSTRING hash_tbs; sha256 sha; sha.generate(tbs, hash_tbs); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Implicit hash(toBeSignedCertificate): ", hash_tbs); OCTETSTRING hash_sha_256; _security_db.get()->get_hash_sha_256(certificate_issuer_id, hash_sha_256); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Implicit issuer hash: ", hash_sha_256); OCTETSTRING input = hash_tbs + hash_sha_256; loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: input: ", input); sha.generate(input, hash_tbs); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: joint hash: ", hash_tbs); // Reconstruction of the public key. security_ecc r_key(*p_signing_algorithm, rv_key_x, rv_key_y); // Reconstruction key if (r_key.reconstruct_public_keys(hash_tbs, static_cast<const OCTETSTRING&>(issuer_sign_key_x), static_cast<const OCTETSTRING&>(issuer_sign_key_y), p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode) == -1) { loggers::get_instance().warning("security_services_its::extract_verification_keys: Failed to encode toBeSigned, discard message"); return -1; } loggers::get_instance().log("security_services_its::extract_verification_keys: *p_signing_algorithm: '%d'", *p_signing_algorithm); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_key_x: ", p_public_key_x); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_key_y: ", p_public_key_y); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_comp_key: ", p_public_comp_key); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_comp_key_mode: ", p_public_comp_key_mode); } else { loggers::get_instance().error("security_services_its::extract_verification_keys: Unsupported variant"); } return 0; } Loading Loading @@ -1717,3 +1795,53 @@ int security_services_its::read_public_keys(const CHARSTRING &p_certificate_id, int security_services_its::read_private_enc_key(const CHARSTRING &p_certificate_id, OCTETSTRING &p_private_enc_key) const { return _security_db.get()->get_private_enc_key(std::string(static_cast<const char *>(p_certificate_id)), p_private_enc_key); } void security_services_its::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { loggers::get_instance().log_msg(">>> security_services_its::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) { p_public_key_x = p_ecc_point.uncompressedP256().x(); p_public_key_y = p_ecc_point.uncompressedP256().y(); p_public_comp_key = int2oct(0, 33); } else { p_public_key_x = int2oct(0, 32); p_public_key_y = int2oct(0, 32); p_public_comp_key = int2oct(0, 33); } } void security_services_its::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { // loggers::get_instance().log_msg(">>> security_services_its::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) { p_public_key_x = p_ecc_point.uncompressedP384().x(); p_public_key_y = p_ecc_point.uncompressedP384().y(); p_public_comp_key = int2oct(0, 49); } else { p_public_key_x = int2oct(0, 48); p_public_key_y = int2oct(0, 48); p_public_comp_key = int2oct(0, 49); } } ccsrc/Protocols/Security/security_services_its.hh +17 −2 Original line number Diff line number Diff line Loading @@ -14,6 +14,8 @@ class OCTETSTRING; //! TITAN forward declaration class CHARSTRING; //! TITAN forward declaration namespace Ieee1609Dot2BaseTypes { class EccP256CurvePoint; //! TITAN forward declaration class EccP384CurvePoint; //! TITAN forward declaration class HashAlgorithm; //! TITAN forward declaration class Signature; //! TITAN forward declaration } // namespace Ieee1609Dot2BaseTypes Loading Loading @@ -157,6 +159,19 @@ public: /*! \publicsection */ const int get_protocol_version() const { return ProtocolVersion; }; /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 256 bits curve */ static void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 384 bits curve */ static void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); private: /*! * \fn int process_ieee_1609_dot2_content(const Ieee1609Dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& Loading etc/AtsSecurity/AtsSecurity.cfg +6 −6 Original line number Diff line number Diff line Loading @@ -43,10 +43,10 @@ LibItsSecurity_Pixits.PX_AT_CERTIFICATE := "CERT_TS_B_AT" # Possible values: CER # you want to log into the file or display on console (standard error). LogFile := "../logs/AtsSecurity/%e.%h-%r.%s" FileMask := LOG_ALL | USER | DEBUG | MATCHING ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING #FileMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP #ConsoleMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP #FileMask := LOG_ALL | USER | DEBUG | MATCHING #ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING FileMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP ConsoleMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP LogSourceInfo := Stack LogEntityName:= Yes LogEventTypes:= Yes Loading Loading @@ -149,13 +149,13 @@ system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.1.43,dst_port=12345,src_po # --------------------- IMPILICT CERT --------------------- # Check that IUT supports usage of implicit certificate for signing message #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with a known implicit certificate #ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with an unknown implicit certificate ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV #ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV # Check that IUT discards a valid secured CAM message signed with implicit certificate containing signature #ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BO Loading Loading
ccsrc/Protocols/Security/certificates_loader.cc +14 −60 Original line number Diff line number Diff line Loading @@ -8,6 +8,8 @@ #include "etsi_ts103097_certificate_codec.hh" #include "etsi_ts103097_tobesigned_certificate_codec.hh" #include "security_services_its.hh" #include "sha256.hh" #include "sha384.hh" Loading Loading @@ -197,13 +199,13 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const Ieee1609Dot2BaseTypes::BasePublicEncryptionKey &b = v.publicKey(); if (b.ischosen(Ieee1609Dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesNistP256)) { Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = v.publicKey().eciesNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesBrainpoolP256r1)) { Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = v.publicKey().eciesBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::BasePublicEncryptionKey::ALT_ecencSm2)) { Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = v.publicKey().ecencSm2(); fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y); } // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_enc_key_x: ", public_enc_key_x); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_enc_key_y: ", public_enc_key_y); Loading Loading @@ -246,23 +248,23 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { algorithm = ec_elliptic_curves::nist_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP384)) { algorithm = ec_elliptic_curves::nist_p_384; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaNistP384(); fill_public_key_vectors(ec_elliptic_curves::nist_p_384, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_384, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { algorithm = ec_elliptic_curves::brainpool_p_256_r1; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y); } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP384r1)) { algorithm = ec_elliptic_curves::brainpool_p_384_r1; Ieee1609Dot2BaseTypes::EccP384CurvePoint &p = b.ecdsaBrainpoolP384r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y); } else { // ALT_ecsigSm2 algorithm = ec_elliptic_curves::sm2_p_256; Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecsigSm2(); fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_comp_key, public_key_x, public_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::sm2_p_256, p, public_comp_key, public_key_x, public_key_y); } // loggers::get_instance().log("certificates_loader::load_certificate: algorithm: %d", algorithm); // loggers::get_instance().log_msg("certificates_loader::load_certificate: public_key_x: ", public_key_x); Loading Loading @@ -339,11 +341,11 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING issuer_sign_key_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algorithm = ec_elliptic_curves::nist_p_256; } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); algorithm = ec_elliptic_curves::brainpool_p_256_r1; } else { loggers::get_instance().warning("certificates_loader::load_certificate: Incosistent certificate issuer: Wrong PublicVerificationKey"); Loading @@ -354,7 +356,7 @@ int certificates_loader::load_certificate(const OCTETSTRING& p_hashed_id8, const OCTETSTRING rv_key_x; OCTETSTRING rv_key_y; OCTETSTRING rv_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, rv_comp_key, rv_key_x, rv_key_y); security_services_its::fill_public_key_vectors(algorithm, p, rv_comp_key, rv_key_x, rv_key_y); // Compute the hash od the toBeSigned OCTETSTRING tbs; etsi_ts103097_tobesigned_certificate_codec codec; Loading Loading @@ -481,51 +483,3 @@ int certificates_loader::save_certificate(const security_db_record &p_certificat return 0; } // End of method save_certificate void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) { p_public_key_x = p_ecc_point.uncompressedP256().x(); p_public_key_y = p_ecc_point.uncompressedP256().y(); p_public_comp_key = int2oct(0, 33); } else { p_public_key_x = int2oct(0, 32); p_public_key_y = int2oct(0, 32); p_public_comp_key = int2oct(0, 33); } } void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { // loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) { p_public_key_x = p_ecc_point.uncompressedP384().x(); p_public_key_y = p_ecc_point.uncompressedP384().y(); p_public_comp_key = int2oct(0, 49); } else { p_public_key_x = int2oct(0, 48); p_public_key_y = int2oct(0, 48); p_public_comp_key = int2oct(0, 49); } }
ccsrc/Protocols/Security/certificates_loader.hh +0 −12 Original line number Diff line number Diff line Loading @@ -111,16 +111,4 @@ public: /*! \publicsection */ std::map<OCTETSTRING, const std::string, security_cache_comp>& get_hashed_id8s(); private: /*! \privatesection */ /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 256 bits curve */ void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 384 bits curve */ void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); }; // End of class certificates_loader
ccsrc/Protocols/Security/security_services_its.cc +131 −3 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ using namespace std; // Required for isnan() #include "etsi_ts103097_certificate_codec.hh" #include "etsi_ts103097_data_codec.hh" #include "etsi_ts103097_tobesigned_data_codec.hh" #include "etsi_ts103097_tobesigned_certificate_codec.hh" #include "security_ecc.hh" #include "sha256.hh" Loading Loading @@ -1484,12 +1485,89 @@ int security_services_its::extract_verification_keys(const Ieee1609Dot2::Certifi return -1; } } else if (p_cert.toBeSigned().verifyKeyIndicator().ischosen(Ieee1609Dot2::VerificationKeyIndicator::ALT_reconstructionValue)) { // Implicit certificate // FIXME FSCOM // Sanity checks if (p_cert.signature__().ispresent()) { loggers::get_instance().error("security_services_its::extract_verification_keys: Inconsistent implicit certificate, discard message"); return -1; } // Rebuild signing keys loggers::get_instance().error("security_services_its::extract_verification_keys: Implicit certificate not supported yet"); // 1. Load certificate issuer std::string certificate_issuer_id; if (_security_db.get()->get_certificate_id(p_cert.issuer().sha256AndDigest(), certificate_issuer_id) == -1) { // Request for the issuer and discard this message _unknown_certificate = OCTETSTRING(3, static_cast<const unsigned char *>(p_cert.issuer().sha256AndDigest()) + p_cert.issuer().sha256AndDigest().lengthof() - 3); loggers::get_instance().error("security_services_its::extract_verification_keys: Implicit certificate issuer is unknown"); return -1; } Ieee1609Dot2::CertificateBase certificate_issuer; if (_security_db.get()->get_certificate(certificate_issuer_id, certificate_issuer) == -1) { // Request for the issuer and discard this message _unknown_certificate = OCTETSTRING(3, static_cast<const unsigned char *>(p_cert.issuer().sha256AndDigest()) + p_cert.issuer().sha256AndDigest().lengthof() - 3); loggers::get_instance().warning("security_services_its::extract_verification_keys: Cannot load implicit certificate issuer"); return -1; } // 2. The signing algorithm is provided by the issuer certificate if (!certificate_issuer.toBeSigned().verifyKeyIndicator().ischosen(Ieee1609Dot2::VerificationKeyIndicator::ALT_verificationKey)) { loggers::get_instance().warning("security_services_its::extract_verification_keys: Inconsistent certificate issuer: Wrong VerificationKeyIndicator, discard message"); return -1; } loggers::get_instance().log_msg("security_services_its::extract_verification_keys: Implicit certificate issuer: ", certificate_issuer); // 3. Retrieve the issuer signing key const Ieee1609Dot2BaseTypes::PublicVerificationKey &b = certificate_issuer.toBeSigned().verifyKeyIndicator().verificationKey(); OCTETSTRING issuer_sign_key_x; OCTETSTRING issuer_sign_key_y; OCTETSTRING issuer_sign_key_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaNistP256(); security_services_its::fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); *p_signing_algorithm = ec_elliptic_curves::nist_p_256; } else if (b.ischosen(Ieee1609Dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) { const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = b.ecdsaBrainpoolP256r1(); security_services_its::fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, issuer_sign_key_comp_key, issuer_sign_key_x, issuer_sign_key_y); *p_signing_algorithm = ec_elliptic_curves::brainpool_p_256_r1; } else { loggers::get_instance().warning("security_services_its::extract_verification_keys: Incosistent certificate issuer: Wrong PublicVerificationKey, discard message"); return -1; } // 4. Retrieve the reconstruction key key const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p = p_cert.toBeSigned().verifyKeyIndicator().reconstructionValue(); OCTETSTRING rv_key_x; OCTETSTRING rv_key_y; OCTETSTRING rv_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03) security_services_its::fill_public_key_vectors(*p_signing_algorithm, p, rv_comp_key, rv_key_x, rv_key_y); // Compute the hash of the toBeSigned OCTETSTRING tbs; etsi_ts103097_tobesigned_certificate_codec codec; codec.encode(p_cert.toBeSigned(), tbs); if (!tbs.is_bound()) { loggers::get_instance().warning("security_services_its::extract_verification_keys: Failed to encode toBeSigned, discard message"); return -1; } loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Implicit encoded toBeSigned: ", tbs); OCTETSTRING hash_tbs; sha256 sha; sha.generate(tbs, hash_tbs); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Implicit hash(toBeSignedCertificate): ", hash_tbs); OCTETSTRING hash_sha_256; _security_db.get()->get_hash_sha_256(certificate_issuer_id, hash_sha_256); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Implicit issuer hash: ", hash_sha_256); OCTETSTRING input = hash_tbs + hash_sha_256; loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: input: ", input); sha.generate(input, hash_tbs); loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: joint hash: ", hash_tbs); // Reconstruction of the public key. security_ecc r_key(*p_signing_algorithm, rv_key_x, rv_key_y); // Reconstruction key if (r_key.reconstruct_public_keys(hash_tbs, static_cast<const OCTETSTRING&>(issuer_sign_key_x), static_cast<const OCTETSTRING&>(issuer_sign_key_y), p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode) == -1) { loggers::get_instance().warning("security_services_its::extract_verification_keys: Failed to encode toBeSigned, discard message"); return -1; } loggers::get_instance().log("security_services_its::extract_verification_keys: *p_signing_algorithm: '%d'", *p_signing_algorithm); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_key_x: ", p_public_key_x); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_key_y: ", p_public_key_y); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_comp_key: ", p_public_comp_key); loggers::get_instance().log_msg("security_services_its::extract_verification_keys: public_comp_key_mode: ", p_public_comp_key_mode); } else { loggers::get_instance().error("security_services_its::extract_verification_keys: Unsupported variant"); } return 0; } Loading Loading @@ -1717,3 +1795,53 @@ int security_services_its::read_public_keys(const CHARSTRING &p_certificate_id, int security_services_its::read_private_enc_key(const CHARSTRING &p_certificate_id, OCTETSTRING &p_private_enc_key) const { return _security_db.get()->get_private_enc_key(std::string(static_cast<const char *>(p_certificate_id)), p_private_enc_key); } void security_services_its::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { loggers::get_instance().log_msg(">>> security_services_its::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) { p_public_key_x = p_ecc_point.uncompressedP256().x(); p_public_key_y = p_ecc_point.uncompressedP256().y(); p_public_comp_key = int2oct(0, 33); } else { p_public_key_x = int2oct(0, 32); p_public_key_y = int2oct(0, 32); p_public_comp_key = int2oct(0, 33); } } void security_services_its::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y) { // loggers::get_instance().log_msg(">>> security_services_its::fill_public_key_vectors: ", p_ecc_point); if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) { p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) { p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1(); security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1); p_public_key_x = ecc.public_key_x(); p_public_key_y = ecc.public_key_y(); } else if (p_ecc_point.ischosen(Ieee1609Dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) { p_public_key_x = p_ecc_point.uncompressedP384().x(); p_public_key_y = p_ecc_point.uncompressedP384().y(); p_public_comp_key = int2oct(0, 49); } else { p_public_key_x = int2oct(0, 48); p_public_key_y = int2oct(0, 48); p_public_comp_key = int2oct(0, 49); } }
ccsrc/Protocols/Security/security_services_its.hh +17 −2 Original line number Diff line number Diff line Loading @@ -14,6 +14,8 @@ class OCTETSTRING; //! TITAN forward declaration class CHARSTRING; //! TITAN forward declaration namespace Ieee1609Dot2BaseTypes { class EccP256CurvePoint; //! TITAN forward declaration class EccP384CurvePoint; //! TITAN forward declaration class HashAlgorithm; //! TITAN forward declaration class Signature; //! TITAN forward declaration } // namespace Ieee1609Dot2BaseTypes Loading Loading @@ -157,6 +159,19 @@ public: /*! \publicsection */ const int get_protocol_version() const { return ProtocolVersion; }; /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 256 bits curve */ static void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); /*! * \fn int fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP256CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); * \brief Initialize public key vectors, based on 384 bits curve */ static void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const Ieee1609Dot2BaseTypes::EccP384CurvePoint &p_ecc_point, OCTETSTRING &p_public_comp_key, OCTETSTRING &p_public_key_x, OCTETSTRING &p_public_key_y); private: /*! * \fn int process_ieee_1609_dot2_content(const Ieee1609Dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& Loading
etc/AtsSecurity/AtsSecurity.cfg +6 −6 Original line number Diff line number Diff line Loading @@ -43,10 +43,10 @@ LibItsSecurity_Pixits.PX_AT_CERTIFICATE := "CERT_TS_B_AT" # Possible values: CER # you want to log into the file or display on console (standard error). LogFile := "../logs/AtsSecurity/%e.%h-%r.%s" FileMask := LOG_ALL | USER | DEBUG | MATCHING ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING #FileMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP #ConsoleMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP #FileMask := LOG_ALL | USER | DEBUG | MATCHING #ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING FileMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP ConsoleMask := ERROR | WARNING | USER | PORTEVENT | MATCHING | EXECUTOR_RUNTIME | VERDICTOP | TIMEROP LogSourceInfo := Stack LogEntityName:= Yes LogEventTypes:= Yes Loading Loading @@ -149,13 +149,13 @@ system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.1.43,dst_port=12345,src_po # --------------------- IMPILICT CERT --------------------- # Check that IUT supports usage of implicit certificate for signing message #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with a known implicit certificate #ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with an unknown implicit certificate ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV #ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_02_BV # Check that IUT discards a valid secured CAM message signed with implicit certificate containing signature #ItsSecurity_TestCases.TC_SEC_ITSS_RCV_IMPLICIT_CERT_01_BO Loading
