Compare Revisions

The credentials to download the source code are:
 Username: svnusers
 Password: svnusers

Ignore whitespace Rev 3347 → Rev 3346

/branches/STF525/ccsrc/Protocols/Security/certificates_loader.cc
16,7 → 16,7
 
certificates_loader * certificates_loader::instance = nullptr;
 
certificates_loader::certificates_loader(): _certificateExt{".oer"}, _privateKeyExt{".vkey"}, _privateEncKeyExt{".ekey"}, _full_path(), _is_cache_initialized{false}, _directory_filter{".svn", "._.DS_Store", ".DS_Store"} {
certificates_loader::certificates_loader(): _certificateExt{".oer"}, _privateKeyExt{".vkey"}, _privateEncKeyExt{".ekey"}, _publicKeysExt{".vkey_pub"}, _publicCompKeysExt(".cvkey"), _publicEncKeysExt{".ekey_pub"}, _hashedidDigestExt{".hashedid"}, _issuerDigestExt{".issuer"}, _publicEncCompKeysExt{".cekey"}, _full_path(), _is_cache_initialized{false}, _directory_filter{".svn", "._.DS_Store", ".DS_Store"} {
loggers::get_instance().log(">>> certificates_loader::certificates_loader");
} // End of ctor
 
97,6 → 97,7
}
// Process files
p_files.clear();
std::set<std::string> extensions_filter{ _certificateExt, _privateKeyExt, _privateEncKeyExt, _publicKeysExt, _publicCompKeysExt, _publicEncKeysExt, _hashedidDigestExt, _issuerDigestExt };
for (std::set<std::experimental::filesystem::path>::const_reverse_iterator f = folders.crbegin(); f != folders.crend(); ++f) {
//loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Processing directory '%s'", f->string().c_str());
for(const std::experimental::filesystem::directory_entry it : std::experimental::filesystem::recursive_directory_iterator(*f)) {
103,8 → 104,9
//loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Processing file '%s'", it.path().filename().string().c_str());
if (std::experimental::filesystem::is_regular_file(it)) {
//loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Check extension '%s'", it.path().extension().string().c_str());
if (it.path().extension().string().compare(_certificateExt) == 0) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Add file '%s'", it.path().filename().string().c_str());
std::set<std::string>::const_iterator i = extensions_filter.find(it.path().extension().string());
if (i != extensions_filter.cend()) {
//loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Add file '%s'", it.path().filename().string().c_str());
p_files.insert(it);
}
}
130,6 → 132,12
const std::string& key = p.stem();
loggers::get_instance().log("certificates_loader::build_certificates_cache: Key = '%s'", key.c_str());
 
if(p_certificates.find(key) != p_certificates.cend()) {
p_files.erase(it);
it = p_files.cbegin();
continue;
}
// Load certificate file
it = p_files.find(p.replace_extension(_certificateExt));
if (it == p_files.cend()) {
138,25 → 146,21
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching certificate '%s'", it->string().c_str());
std::ifstream is(it->string(), ios::in | ios::binary);
if (!is.is_open()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: failed to open certificate file");
return -1;
}
OCTETSTRING certificate = int2oct(0, std::experimental::filesystem::file_size(*it));
is.read((char *)static_cast<const unsigned char*>(certificate), certificate.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
 
// Load private key file
p = p.replace_extension(_privateKeyExt);
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private keys '%s'", p.string().c_str());
is.open(p, ios::in | ios::binary);
if (!is.is_open()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open Private key");
it = p_files.find(p.replace_extension(_privateKeyExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private keys file not found for '%s'", key.c_str());
return -1;
}
int size = std::experimental::filesystem::file_size(p);
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
int size = std::experimental::filesystem::file_size(*it);
if ((size != 32) && (size != 48)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private key size is incorrect for '%s'", key.c_str());
return -1;
164,17 → 168,16
OCTETSTRING private_key = int2oct(0, size);
is.read((char *)static_cast<const unsigned char*>(private_key), private_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
// Load private encryption key file if present
OCTETSTRING private_enc_key;
p = p.replace_extension(_privateEncKeyExt);
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private encryption key '%s'", p.string().c_str());
is.open(p, ios::in | ios::binary);
if (!is.is_open()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to open Private encryption key file");
private_enc_key = OCTETSTRING(0, nullptr);
} else {
size = std::experimental::filesystem::file_size(*it);
it = p_files.find(p.replace_extension(_privateEncKeyExt));
if (it != p_files.cend()) {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private encryption keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
int size = std::experimental::filesystem::file_size(*it);
if (size != 32) { // IEEE Std 1609.2 2017: NistP256 or BrainpoolP256r1
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private encryption key size is incorrect for '%s'", key.c_str());
return -1;
182,123 → 185,252
private_enc_key = int2oct(0, size);
is.read((char *)static_cast<const unsigned char*>(private_enc_key), private_enc_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
}
// Build DB record
etsi_ts103097_certificate_codec codec;
IEEE1609dot2::CertificateBase decoded_certificate;
codec.decode(certificate, decoded_certificate);
if (!decoded_certificate.is_value()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to decode certificate for '%s'", key.c_str());
return -1;
} else {
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
// Prepare all fields
if (!decoded_certificate.toBeSigned().verifyKeyIndicator().ischosen(IEEE1609dot2::VerificationKeyIndicator::ALT_verificationKey)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Wrong VerificationKeyIndicator variant for '%s'", key.c_str());
// Load public keys file
it = p_files.find(p.replace_extension(_publicKeysExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public keys file not found for '%s'", key.c_str());
// Try with only binary format of the certificate and the private key
etsi_ts103097_certificate_codec codec;
IEEE1609dot2::CertificateBase decoded_certificate;
codec.decode(certificate, decoded_certificate);
if (!decoded_certificate.is_value()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to decode certificate for '%s'", key.c_str());
return -1;
}
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
IEEE1609dot2BaseTypes::PublicVerificationKey& b = decoded_certificate.toBeSigned().verifyKeyIndicator().verificationKey();
if (b.ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = b.ecdsaNistP256();
fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_comp_key, public_key_x, public_key_y);
} else if (b.ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = b.ecdsaBrainpoolP256r1();
fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_comp_key, public_key_x, public_key_y);
} else { // ALT_ecdsaBrainpoolP384r1
IEEE1609dot2BaseTypes::EccP384CurvePoint& p = b.ecdsaBrainpoolP384r1();
fill_public_key_vectors(ec_elliptic_curves::brainpool_p_384_r1, p, public_comp_key, public_key_x, public_key_y);
}
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_x: ", public_key_x);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_y: ", public_key_y);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_comp_key: ", public_comp_key);
OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y;
OCTETSTRING public_enc_comp_key;
if (decoded_certificate.toBeSigned().encryptionKey().ispresent()) {
IEEE1609dot2BaseTypes::PublicEncryptionKey& v = static_cast<IEEE1609dot2BaseTypes::PublicEncryptionKey&>(decoded_certificate.toBeSigned().encryptionKey());
IEEE1609dot2BaseTypes::BasePublicEncryptionKey& b = v.publicKey();
if (b.ischosen(IEEE1609dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesNistP256)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = v.publicKey().eciesNistP256();
fill_public_key_vectors(ec_elliptic_curves::nist_p_256, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y);
} else if (b.ischosen(IEEE1609dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesBrainpoolP256r1)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = v.publicKey().eciesBrainpoolP256r1();
fill_public_key_vectors(ec_elliptic_curves::brainpool_p_256_r1, p, public_enc_comp_key, public_enc_key_x, public_enc_key_y);
} else {
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
// Prepare all fields
if (!decoded_certificate.toBeSigned().verifyKeyIndicator().ischosen(IEEE1609dot2::VerificationKeyIndicator::ALT_verificationKey)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Wrong VerificationKeyIndicator variant for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_key_x: ", public_enc_key_x);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_key_y: ", public_enc_key_y);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_enc_comp_key: ", public_enc_comp_key);
} else {
public_enc_key_x = OCTETSTRING(0, nullptr);
public_enc_key_y = OCTETSTRING(0, nullptr);
public_enc_comp_key = OCTETSTRING(0, nullptr);
}
OCTETSTRING hash; // Whole-certificate hash
OCTETSTRING hashed_id; // Whole-certificate hashedid-8
OCTETSTRING issuer; // Certificate issuer
if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
sha256 sha;
sha.generate(certificate, hash);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = decoded_certificate.issuer().sha256AndDigest();
} else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
sha384 sha;
sha.generate(certificate, hash);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = decoded_certificate.issuer().sha384AndDigest();
} else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_self__)) {
if (decoded_certificate.issuer().self__() == IEEE1609dot2BaseTypes::HashAlgorithm::sha256) {
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
OCTETSTRING public_comp_key; // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
IEEE1609dot2BaseTypes::PublicVerificationKey& b = decoded_certificate.toBeSigned().verifyKeyIndicator().verificationKey();
if (b.ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaNistP256)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = b.ecdsaNistP256();
fill_public_key_vectors(p, public_comp_key, public_key_x, public_key_y);
} else if (b.ischosen(IEEE1609dot2BaseTypes::PublicVerificationKey::ALT_ecdsaBrainpoolP256r1)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = b.ecdsaBrainpoolP256r1();
fill_public_key_vectors(p, public_comp_key, public_key_x, public_key_y);
} else { // ALT_ecdsaBrainpoolP384r1
IEEE1609dot2BaseTypes::EccP384CurvePoint& p = b.ecdsaBrainpoolP384r1();
fill_public_key_vectors(p, public_comp_key, public_key_x, public_key_y);
}
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_x: ", public_key_x);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_key_y: ", public_key_y);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: public_comp_key: ", public_comp_key);
OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y;
OCTETSTRING public_enc_comp_key;
if (decoded_certificate.toBeSigned().encryptionKey().ispresent()) {
IEEE1609dot2BaseTypes::PublicEncryptionKey& v = static_cast<IEEE1609dot2BaseTypes::PublicEncryptionKey&>(decoded_certificate.toBeSigned().encryptionKey());
IEEE1609dot2BaseTypes::BasePublicEncryptionKey& b = v.publicKey();
if (b.ischosen(IEEE1609dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesNistP256)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = v.publicKey().eciesNistP256();
fill_public_key_vectors(p, public_enc_comp_key, public_enc_key_x, public_enc_key_y);
} else if (b.ischosen(IEEE1609dot2BaseTypes::BasePublicEncryptionKey::ALT_eciesBrainpoolP256r1)) {
IEEE1609dot2BaseTypes::EccP256CurvePoint& p = v.publicKey().eciesBrainpoolP256r1();
fill_public_key_vectors(p, public_enc_comp_key, public_enc_key_x, public_enc_key_y);
}
}
OCTETSTRING hashed_id;
OCTETSTRING issuer;
if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
OCTETSTRING hash;
sha256 sha;
sha.generate(certificate, hash);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-256 hash: ", hash);
} else {
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = decoded_certificate.issuer().sha256AndDigest();
} else if (decoded_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
OCTETSTRING hash;
sha384 sha;
sha.generate(certificate, hash);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Whole-certificate SHA-384 hash: ", hash);
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = decoded_certificate.issuer().sha384AndDigest();
} else {
hashed_id = int2oct(0, 8);
issuer = int2oct(0, 8);
}
hashed_id = OCTETSTRING(8, static_cast<const unsigned char*>(hash) + hash.lengthof() - 8);
issuer = int2oct(0, 8);
} else {
hash = OCTETSTRING(0, nullptr);
hashed_id = int2oct(0, 8);
issuer = int2oct(0, 8);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
// Create new record
security_db_record* p = new security_db_record(
key,
certificate, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer
hashed_id, // Hashed ID
private_key, // Private key
public_key_x, // public keys X-coordinate
public_key_y, // public keys Y-coordinate
public_comp_key, // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
private_enc_key, // Private encryption key
public_enc_key_x, // Public encryption key X-coordinate
public_enc_key_y, // Public encryption key Y-coordinate
public_enc_comp_key // Public compressed encryption key
);
result = p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p)));
if (result.second == false) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to insert new record '%s'", key.c_str());
delete p;
return -1;
}
p_hashed_id8s.insert(std::pair<OCTETSTRING, std::string>(result.first->second.get()->hashed_id(), result.first->first));
// Reset pointer
it = p_files.cbegin();
// Continue with next certificte in the list
continue;
}
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hash: ", hash);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: hashed_id: ", hashed_id);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: issuer: ", issuer);
// Create new record
security_db_record* p = new security_db_record(
key,
certificate, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer
hash,
hashed_id, // Hashed ID
private_key, // Private key
public_key_x, // public keys X-coordinate
public_key_y, // public keys Y-coordinate
public_comp_key, // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
private_enc_key, // Private encryption key
public_enc_key_x, // Public encryption key X-coordinate
public_enc_key_y, // Public encryption key Y-coordinate
public_enc_comp_key // Public compressed encryption key
);
result = p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p)));
if (result.second == false) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to insert new record '%s'", key.c_str());
delete p;
} // else, continue with detailed files
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if ((size != 64) && (size != 96)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public keys size is incorrect for '%s'", key.c_str());
return -1;
}
OCTETSTRING public_key_x = int2oct(0x00, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_key_x), public_key_x.lengthof());
OCTETSTRING public_key_y = int2oct(0x00, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_key_y), public_key_y.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
 
// Load public compressed key file
it = p_files.find(p.replace_extension(_publicCompKeysExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public compress key file not found for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public compressed ke '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if ((size != 33) && (size != 49)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public compressed key size is incorrect for '%s'", key.c_str());
return -1;
}
OCTETSTRING public_comp_key = int2oct(0, size);
is.read((char *)static_cast<const unsigned char*>(public_comp_key), public_comp_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
 
// Load public encryption key file
OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y;
it = p_files.find(p.replace_extension(_publicEncKeysExt));
if (it != p_files.cend()) {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public encryption keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if (size != 64) { // IEEE Std 1609.2 2017: NistP256 or BrainpoolP256r1
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public encryption keys size is incorrect for '%s'", key.c_str());
return -1;
}
p_hashed_id8s.insert(std::pair<OCTETSTRING, std::string>(result.first->second.get()->hashed_id(), result.first->first));
public_enc_key_x = int2oct(0, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_enc_key_x), public_enc_key_x.lengthof());
public_enc_key_y = int2oct(0, size / 2);
is.read((char *)static_cast<const unsigned char*>(public_enc_key_y), public_enc_key_y.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
}
OCTETSTRING public_enc_comp_key;
it = p_files.find(p.replace_extension(_publicEncCompKeysExt));
if (it != p_files.cend()) {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public compressed encryption keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if (size != 33) { // IEEE Std 1609.2 2017: NistP256 or BrainpoolP256r1
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public compressed encryption keys size is incorrect for '%s'", key.c_str());
return -1;
}
public_enc_comp_key = int2oct(0, 33);
is.read((char *)static_cast<const unsigned char*>(public_enc_comp_key), public_enc_comp_key.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
}
// Load issuer
it = p_files.find(p.replace_extension(_issuerDigestExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Issuer keys file not found for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching issuer keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if (size != 8) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Issuer keys file not found for '%s'", key.c_str());
return -1;
}
OCTETSTRING issuer = int2oct( 0, size);
is.read((char *)static_cast<const unsigned char*>(issuer), issuer.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
 
// Load hashed_id
it = p_files.find(p.replace_extension(_hashedidDigestExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Hashed_Id keys file not found for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching hashed_id keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if (size != 8) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Hashed_Id keys file not found for '%s'", key.c_str());
return -1;
}
OCTETSTRING hashed_id = int2oct( 0, size);
is.read((char *)static_cast<const unsigned char*>(hashed_id), hashed_id.lengthof());
is.close();
// Remove items from the list
p_files.erase(it);
 
// Create new record
etsi_ts103097_certificate_codec codec;
IEEE1609dot2::CertificateBase decoded_certificate;
codec.decode(certificate, decoded_certificate);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
security_db_record* p_ = new security_db_record(
key,
certificate, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer
hashed_id, // Hashed ID
private_key, // Private key
public_key_x, // public keys X-coordinate
public_key_y, // public keys Y-coordinate
public_comp_key, // public compressed key, 33 or 49 bytes length, byte #0 indicating compressed-y-0 (0x02) or compressed-y-1 (0x03)
private_enc_key, // Private encryption key
public_enc_key_x, // Public encryption key X-coordinate
public_enc_key_y, // Public encryption key Y-coordinate
public_enc_comp_key // Public compressed encryption key
);
result = p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p_)));
if (result.second == false) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to insert new record '%s'", key.c_str());
delete p_;
return -1;
}
p_hashed_id8s.insert(std::pair<OCTETSTRING, std::string>(result.first->second.get()->hashed_id(), result.first->first));
// Reset pointer
it = p_files.cbegin();
} while (it != p_files.cend());
336,6 → 468,33
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Public keys
p = _full_path;
p /= p_certificate.certificate_id();
p += _publicKeysExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Public keys file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_key_x()), p_certificate.public_key_x().lengthof());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_key_y()), p_certificate.public_key_y().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
 
// Public compressed key
p = _full_path;
p /= p_certificate.certificate_id();
p += _publicCompKeysExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Public compressed keys file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_comp_key()), p_certificate.public_comp_key().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
 
// Private encryption key
if (p_certificate.private_enc_key().lengthof() != 0) {
p = _full_path;
349,24 → 508,62
os.write((char *)static_cast<const unsigned char*>(p_certificate.private_enc_key()), p_certificate.private_enc_key().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Public encryption keys
p = _full_path;
p /= p_certificate.certificate_id();
p += _publicEncKeysExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Public encryption keys file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_enc_key_x()), p_certificate.public_enc_key_x().lengthof());
os.write((char *)static_cast<const unsigned char*>(p_certificate.public_enc_key_y()), p_certificate.public_enc_key_y().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
}
// Issuer
p = _full_path;
p /= p_certificate.certificate_id();
p += _issuerDigestExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Issuer digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write((char *)static_cast<const unsigned char*>(p_certificate.issuer()), p_certificate.issuer().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Hashedid8
p = _full_path;
p /= p_certificate.certificate_id();
p += _hashedidDigestExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Hashedid8 digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write((char *)static_cast<const unsigned char*>(p_certificate.hashed_id()), p_certificate.hashed_id().lengthof());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
return 0;
} // End of method save_certificate
 
void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
void certificates_loader::fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point);
if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0();
security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
p_public_key_x = int2oct(0, 32);
p_public_key_y = int2oct(0, 32);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1();
security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
p_public_key_x = int2oct(0, 32);
p_public_key_y = int2oct(0, 32);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_key_x = p_ecc_point.uncompressedP256().x();
p_public_key_x = p_ecc_point.uncompressedP256().y();
377,19 → 574,17
p_public_comp_key = int2oct(0, 33);
}
}
void certificates_loader::fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
void certificates_loader::fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) {
loggers::get_instance().log_msg(">>> certificates_loader::fill_public_key_vectors: ", p_ecc_point);
 
if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__0)) {
p_public_comp_key = int2oct(2, 1) + p_ecc_point.compressed__y__0();
security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__0(), ecc_compressed_mode::compressed_y_0);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
p_public_key_x = int2oct(0, 48);
p_public_key_y = int2oct(0, 48);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_compressed__y__1)) {
p_public_comp_key = int2oct(3, 1) + p_ecc_point.compressed__y__1();
security_ecc ecc(p_elliptic_curve, p_ecc_point.compressed__y__1(), ecc_compressed_mode::compressed_y_1);
p_public_key_x = ecc.public_key_x();
p_public_key_y = ecc.public_key_y();
p_public_key_x = int2oct(0, 48);
p_public_key_y = int2oct(0, 48);
} else if (p_ecc_point.ischosen(IEEE1609dot2BaseTypes::EccP384CurvePoint::ALT_uncompressedP384)) {
p_public_key_x = p_ecc_point.uncompressedP384().x();
p_public_key_x = p_ecc_point.uncompressedP384().y();
/branches/STF525/ccsrc/Protocols/Security/security_cache.cc
211,11 → 211,11
return false;
}
 
int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
int security_cache::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode) {
loggers::get_instance().log_msg(">>> security_cache::store_certificate: ", p_cert_id);
 
std::string key(static_cast<const char*>(p_cert_id));
OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hash, hashed_id8, issuer;
OCTETSTRING cert, private_key, public_key_x, public_key_y, public_comp_key, hashed_id8, issuer;
OCTETSTRING private_enc_key, public_enc_key_x, public_enc_key_y, public_enc_comp_key;
 
security_cache::fill_vector(cert, p_cert);
228,7 → 228,6
loggers::get_instance().log_msg("security_cache::store_certificate: public_comp_key: ", public_comp_key);
}
 
security_cache::fill_vector(hash, p_hash);
security_cache::fill_vector(hashed_id8, p_hashed_id8);
security_cache::fill_vector(issuer, p_issuer);
249,8 → 248,7
cert, // Certificate
decoded_certificate,
issuer, // Hashed ID for the issuer
hash, // Whole-certificate hash
hashed_id8, // Whole-certificate hashed ID
hashed_id8, // Hashed ID
private_key, // Private key
public_key_x, // Public key X-coordinate
public_key_y, // Public key Y-coordinate
/branches/STF525/ccsrc/Protocols/Security/security_db.cc
40,10 → 40,10
return 0;
}
 
int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressd_key, const INTEGER& p_public_enc_compressed_key_mode) {
int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressd_key, const INTEGER& p_public_enc_compressed_key_mode) {
loggers::get_instance().log_msg(">>> security_db::store_certificate: ", p_cert_id);
 
if (security_cache::store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_compressed_key, p_public_compressed_key_mode, p_hash, p_hashed_id8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressd_key, p_public_enc_compressed_key_mode) != 0) {
if (security_cache::store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_compressed_key, p_public_compressed_key_mode, p_hashed_id8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressd_key, p_public_enc_compressed_key_mode) != 0) {
return -1;
}
 
/branches/STF525/ccsrc/Protocols/Security/security_db_record.hh
30,7 → 30,7
std::string _certificate_id; /*!< Certificate storage*/
OCTETSTRING _certificate; /*!< COER storage */
OCTETSTRING _hashed_id_issuer; /*!< Hash id 8 of the issuer certificate */
OCTETSTRING _hash; /*!< Certificate hash storage */ // TODO Check if it's usefull, otherwise remove it
OCTETSTRING _hash; /*!< Certificate hash storage */
OCTETSTRING _hashed_id; /*!< Certificate hash id 8 storage */
OCTETSTRING _pr_key; /*!< Private key storage */
OCTETSTRING _pu_key_x; /*!< Public key X-coordinate storage */
54,7 → 54,6
* \param[in] p_certificate The COER encoded certificate
* \param[in] p_decoded_certificate The decoded certificate
* \param[in] p_hashed_id_issuer The HashedId of the certificate issuer
* \param[in] p_hash The whole-certificate hash
* \param[in] p_hashed_id The whole-certificate hashed id
* \param[in] p_pr_key The private signature key
* \param[in] p_pu_key_x The public X-coordinate signature key
66,7 → 65,7
* \param[in] p_pu_enc_comp_key_y The public compressed coordinate encryption key
* \param[in] p_to_be_saved Set to true to save on disk this certificate.Default: true
*/
security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
security_db_record(const std::string& p_certificate_id, const OCTETSTRING& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const OCTETSTRING& p_hashed_id_issuer, const OCTETSTRING& p_hashed_id, const OCTETSTRING& p_pr_key, const OCTETSTRING& p_pu_key_x, const OCTETSTRING& p_pu_key_y, const OCTETSTRING& p_pu_comp_key, const OCTETSTRING& p_pr_enc_key, const OCTETSTRING& p_pu_enc_key_x, const OCTETSTRING& p_pu_enc_key_y, const OCTETSTRING& p_pu_enc_comp_key_y, const bool p_to_be_saved = true);
/*!
* \brief Default dtor
/branches/STF525/ccsrc/Protocols/Security/security_services.cc
68,7 → 68,7
return 0;
}
 
int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode) {
int security_services::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode) {
loggers::get_instance().log_msg(">>> security_services::store_certificate: ", p_cert_id);
 
// Sanity checks
76,7 → 76,7
loggers::get_instance().warning("security_services::store_certificate: Not initialised");
return -1;
}
return _security_db.get()->store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode, p_hash, p_hashid8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressed_key, p_public_enc_key_compressed_mode);
return _security_db.get()->store_certificate(p_cert_id, p_cert, p_private_key, p_public_key_x, p_public_key_y, p_public_comp_key, p_public_comp_key_mode, p_hashid8, p_issuer, p_private_enc_key, p_public_enc_key_x, p_public_enc_key_y, p_public_enc_compressed_key, p_public_enc_key_compressed_mode);
}
 
int security_services::verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, IEEE1609dot2::Ieee1609Dot2Data& p_ieee_1609dot2_data, OCTETSTRING& p_unsecured_gn_payload, params& p_params) {
891,9 → 891,6
}
} else {
loggers::get_instance().warning("security_services::extract_encryption_keys: EncryptionKey omitted");
p_public_enc_key_x = OCTETSTRING(0, nullptr);
p_public_enc_key_y = OCTETSTRING(0, nullptr);
p_public_enc_comp_key = OCTETSTRING(0, nullptr);
return 0; // Normal termination
}
 
952,9 → 949,8
public_comp_key,
public_comp_key_mode,
hash_cert,
hashed_id8,
p_certificate.issuer().sha256AndDigest(),
OCTETSTRING(0, nullptr), // Encryption private not used
int2oct(0, 32), // Encryption private not used
public_enc_key_x,
public_enc_key_y,
public_enc_comp_key,
1001,9 → 997,8
public_comp_key,
public_comp_key_mode,
hash_cert,
hashed_id8,
p_certificate.issuer().sha384AndDigest(),
OCTETSTRING(0, nullptr), // Encryption private not used
int2oct(0,48), // Encryption private not used
public_enc_key_x,
public_enc_key_y,
public_enc_comp_key,
/branches/STF525/ccsrc/Protocols/Security/security_services.hh
101,7 → 101,7
int setup(params &p_params);
int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);
int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);
 
inline void set_position(const int p_latitude, const int p_longitude, const int p_elevation = 0) { _latitude = p_latitude; _longitude = p_longitude; _elevation = p_elevation; };
/branches/STF525/ccsrc/Protocols/Security/certificates_loader.hh
19,7 → 19,6
#include <experimental/filesystem>
 
#include "security_db_record.hh"
#include "security_ecc.hh"
 
namespace IEEE1609dot2BaseTypes {
class EccP256CurvePoint; //! Declare TITAN class
32,9 → 31,15
* \remark Singleton pattern
*/
class certificates_loader {
std::string _certificateExt; //! COER encoding certificate extension. Default: .oer
std::string _privateKeyExt; //! Private signing key extension. Default: .vkey
std::string _privateEncKeyExt; //! Private cyphering key extension. Default: .ekey
std::string _certificateExt; //! COER encoding certificate extension. Default: .oer
std::string _privateKeyExt; //! Private signing key extension. Default: .vkey
std::string _privateEncKeyExt; //! Private cyphering key extension. Default: .ekey
std::string _publicKeysExt;
std::string _publicCompKeysExt;
std::string _publicEncKeysExt;
std::string _hashedidDigestExt;
std::string _issuerDigestExt;
std::string _publicEncCompKeysExt;
std::experimental::filesystem::path _full_path; //! The full folder path to load certificates
bool _is_cache_initialized; //! Set to true when certificates are successfully loaded from file system
std::set<std::string> _directory_filter; //! Directory filter (for local development purposes only)
75,6 → 80,6
 
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<OCTETSTRING, std::string>& p_hashed_id8s);
void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
void fill_public_key_vectors(const ec_elliptic_curves p_elliptic_curve, const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP256CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
void fill_public_key_vectors(const IEEE1609dot2BaseTypes::EccP384CurvePoint& p_ecc_point, OCTETSTRING& p_public_comp_key, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y);
}; // End of class certificates_loader
/branches/STF525/ccsrc/Protocols/Security/security_cache.hh
56,7 → 56,7
int get_public_enc_keys(const std::string& p_certificate_id, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y) const;
int get_public_enc_comp_key(const std::string& p_certificate_id, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_enc_comp_mode) const;
 
virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
virtual int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
 
virtual int clear();
/branches/STF525/ccsrc/Protocols/Security/security_db.hh
38,7 → 38,7
* \param[in] p_cert_id The certificate identifier
* \return 0 on success, -1 otherwise
*/
int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_compressed_key, const INTEGER& p_public_compressed_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_compressed_key_mode);
 
private: /*! \privatesection */
/*!
/branches/STF525/ccsrc/Protocols/Security/security_db_record.cc
19,7 → 19,6
const OCTETSTRING& p_certificate,
const IEEE1609dot2::CertificateBase& p_decoded_certificate,
const OCTETSTRING& p_hashed_id_issuer,
const OCTETSTRING& p_hash,
const OCTETSTRING& p_hashed_id,
const OCTETSTRING& p_pr_key,
const OCTETSTRING& p_pu_key_x,
30,7 → 29,14
const OCTETSTRING& p_pu_enc_key_y,
const OCTETSTRING& p_pu_enc_comp_key,
const bool p_to_be_saved
): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(p_hash), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hash(), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _pu_comp_key(p_pu_comp_key), _pr_enc_key(p_pr_enc_key), _pu_enc_key_x(p_pu_enc_key_x), _pu_enc_key_y(p_pu_enc_key_y), _pu_enc_comp_key(p_pu_enc_comp_key), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
if (p_pr_key.lengthof() == 32) {
sha256 sha;
sha.generate(_certificate, _hash);
} else {
sha384 sha;
sha.generate(_certificate, _hash);
}
}
 
const IEEE1609dot2::CertificateBase& security_db_record::decoded_certificate() const {
/branches/STF525/ccsrc/Externals/LibItsSecurity_externals.cc
951,7 → 951,7
return TRUE;
}
 
BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hash, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
BOOLEAN fx__store__certificate(const CHARSTRING& p__cert__id, const OCTETSTRING& p__cert, const OCTETSTRING& p__private__key, const OCTETSTRING& p__public__key__x, const OCTETSTRING& p__public__key__y, const OCTETSTRING& p__public__key__compressed, const INTEGER& p__public__key__compressed__mode, const OCTETSTRING& p__hashid8, const OCTETSTRING& p__issuer, const OCTETSTRING_template& p__private__enc__key, const OCTETSTRING_template& p__public__enc__key__x, const OCTETSTRING_template& p__public__enc__key__y, const OCTETSTRING_template& p__public__enc__compressed__key, const INTEGER_template& p__public__enc__key__compressed__mode) {
loggers::get_instance().log(">>> fx__store__certificate: '%s'", static_cast<const char*>(p__cert__id));
 
int result;
959,9 → 959,9
const OCTETSTRING private_enc_key = p__private__enc__key.valueof();
const OCTETSTRING public_enc_key_x = p__public__enc__key__x.valueof();
const OCTETSTRING public_enc_key_y = p__public__enc__key__y.valueof();
result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hashid8, p__issuer, p__private__enc__key.valueof(), p__public__enc__key__x.valueof(), p__public__enc__key__y.valueof(), p__public__enc__compressed__key.valueof(), p__public__enc__key__compressed__mode.valueof());
} else {
result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hash, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
result = security_services::get_instance().store_certificate(p__cert__id, p__cert, p__private__key, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed__mode, p__hashid8, p__issuer, OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), OCTETSTRING(0, nullptr), INTEGER(-1));
}
return (result == 0);
/branches/STF525/ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
66,7 → 66,7
setverdict(pass);
}
 
if (fx_readCertificate("CERT_IUT_A_AA", v_certificate) == false) {
if (fx_readCertificate("CERT_IUT_A_RCA", v_certificate) == false) {
setverdict(fail);
} else {
var bitstring v_oct2bit;
88,7 → 88,7
setverdict(fail);
} else {
var octetstring v_digest;
if (fx_readCertificateDigest("CERT_IUT_A_AA", v_digest) == false) {
if (fx_readCertificateDigest("CERT_IUT_A_RCA", v_digest) == false) {
setverdict(fail);
} else {
log("v_digest = ", v_digest);
102,7 → 102,7
setverdict(fail);
} else {
var octetstring v_hash;
if (fx_readCertificateHash("CERT_IUT_A_AA", v_hash) == false) {
if (fx_readCertificateHash("CERT_IUT_A_RCA", v_hash) == false) {
setverdict(fail);
} else {
log("v_hash = ", v_hash);
/branches/STF525/ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
150,9 → 150,9
// Store Private key in binary format
fx_loadCertificates("/home/vagrant/tmp/Yann", "");
fx_store_certificate("CERT_IUT_A_RCA", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hash, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_IUT_A_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hash, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_IUT_A_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hash, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TEST_A_ROOT", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TS_A_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TS_A_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
// Create a basic GeoNetworking message
v_gnNonSecuredPacket := m_geoNwShbPacket(
300,9 → 300,9
// Store Private key in binary format
fx_loadCertificates("/home/vagrant/tmp/Yann", "");
fx_store_certificate("CERT_TEST_B_ROOT", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hash, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TS_B_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hash, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TS_B_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hash, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TEST_B_ROOT", v_chain_sec_info.ca.enc_cert, v_chain_sec_info.ca.private_key, v_chain_sec_info.ca.public_key_x, v_chain_sec_info.ca.public_key_y, v_chain_sec_info.ca.public_key_compressed, v_chain_sec_info.ca.compressed_mode, v_chain_sec_info.ca.hashedid8, v_chain_sec_info.ca.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TS_B_AA", v_chain_sec_info.aa.enc_cert, v_chain_sec_info.aa.private_key, v_chain_sec_info.aa.public_key_x, v_chain_sec_info.aa.public_key_y, v_chain_sec_info.aa.public_key_compressed, v_chain_sec_info.aa.compressed_mode, v_chain_sec_info.aa.hashedid8, v_chain_sec_info.aa.issuer, omit, omit, omit, omit, omit);
fx_store_certificate("CERT_TS_B_AT", v_chain_sec_info.at.enc_cert, v_chain_sec_info.at.private_key, v_chain_sec_info.at.public_key_x, v_chain_sec_info.at.public_key_y, v_chain_sec_info.at.public_key_compressed, v_chain_sec_info.at.compressed_mode, v_chain_sec_info.at.hashedid8, v_chain_sec_info.at.issuer, omit, omit, omit, omit, omit);
// Create a basic GeoNetworking message
v_gnNonSecuredPacket := m_geoNwShbPacket(
/branches/STF525/etc/TestCodec/TestCodec.cfg
21,7 → 21,7
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "Yann" #"cert_asn1c" #"test_01";
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "cert_asn1c" #"test_01";
 
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
286,6 → 286,11
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_1
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_2
#TestCodec_SecuredFuntions.tc_f_verifyWithEcdsaBrainpoolp384WithSha384_3 # Shall failed on error: Dynamic test case error: security_ecc::security_ecc (2): Failed to get coordinates
#TestCodec_SecuredFuntions.tc_load_certificates
#TestCodec_SecuredFuntions.tc_read_certificate_1
#TestCodec_SecuredFuntions.tc_read_certificate_2
#TestCodec_SecuredFuntions.tc_read_certificate_digest
#TestCodec_SecuredFuntions.tc_read_certificate_hash
# Certificates
#TestCodec_Certificates.tc_root_certificate_sha256_1
#TestCodec_Certificates.tc_root_certificate_sha256_2
305,13 → 310,8
#TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_1
#TestCodec_SecuredMessages.tc_secured_message_signed_and_encrypted_2
# Chain of certificates
TestCodec_ChainOfCertificates.tc_full_check_certificate_1
#TestCodec_ChainOfCertificates.tc_full_check_certificate_1
#TestCodec_ChainOfCertificates.tc_full_check_certificate_2
TestCodec_SecuredFuntions.tc_load_certificates
TestCodec_SecuredFuntions.tc_read_certificate_1
TestCodec_SecuredFuntions.tc_read_certificate_2
TestCodec_SecuredFuntions.tc_read_certificate_digest
TestCodec_SecuredFuntions.tc_read_certificate_hash
# Encryption
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
319,9 → 319,9
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
# Pki
#TestCodec_Pki.tc_inner_ec_request_1